40 matches found
CVE-2021-22115
Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. CAPI database logs service broker password in plain text whenever a job to clean up orphaned items is run by Cloud Controller...
CVE-2021-22115
CVE-2021-22115 affects Cloud Foundry Cloud Controller API prior to version 1.106.0. The vulnerability arises because the CAPI database logs service broker passwords in plain text when a job to clean up orphaned items runs, exposing credentials if log access is compromised. Affected product/versio...
CVE-2020-8267
A security issue was found in UniFi Protect controller v1.14.10 and earlier.The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid token.This vulnerability was fixed in UniFi Protect...
Code injection
Cloud Foundry Cloud Controller API CAPI, version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins...
CVE-2019-11294 CAPI leaks service broker URLs and GUIDs to space developers
Cloud Foundry Cloud Controller API CAPI, version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins...
Schneider Electric Modicon M580/BMENOC 0311/BMENOC 0321 Information Disclosure Vulnerability
The Modicon M580/BMENOC 0311/BMENOC 0321 are programmable logic controllers from Schneider Electric. An information disclosure vulnerability exists in the Modicon M580/BMENOC 0311/BMENOC 0321. An attacker can exploit this vulnerability to obtain sensitive information when reading specific registe...
CVE-2018-2373
Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0...
Pivotal CF capi-release, cf-release and cf-deployment application subdomain takeover vulnerability
Pivotal Cloud Foundry CF is an open source Platform-as-a-Service PaaS cloud computing platform from Pivotal Software, Inc. that provides container scheduling, continuous delivery, and automated service deployment. cf-release is a release of CF. cf-deployment is a development version. version...
CVE-2017-8048: Cloud Controller API regression | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions capi-release versions 1.33.0 and later, prior to 1.42.0 cf-release versions 268 and later, prior to 274 Please note: due to a bug in 274, it is not recommended for production use. Deployments should use...
CVE-2017-8037: Incomplete fix for Cloud Controller API access to CC VM Contents | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Versions Affected CAPI-release versions after v1.6.0 and prior to v1.38.0 cf-release versions after v244 and prior to v270 Description This CVE is for an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should als...
CVE-2017-8035
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud...
CVE-2017-8033
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a...
Design/Logic Flaw
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud...
CVE-2017-8033
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a...
Pivotal Software Cloud Foundry cf-release and CAPI-release information disclosure vulnerabilities
Pivotal Software Cloud Foundry CF is a suite of open source Platform-as-a-Service PaaS cloud computing platforms from Pivotal Software in the United States, which provides container scheduling, continuous delivery, and automated service deployment, among other capabilities. cf-release and...
Pivotal CAPI-release Incompletely Fixes Remote Code Execution Vulnerability
Pivotal CAPI-release an open source Platform-as-a-Service PaaS cloud computing platform from U.S.-based Pivotal Software, which provides container scheduling, continuous delivery, and automated service deployment, among other features. A security vulnerability exists in the Cloud Controller API i...
Design/Logic Flaw
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 only. The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushin...
CVE-2017-8036
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 only. The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushin...
CVE-2017-8036
CVE-2017-8036 affects Cloud Foundry Foundation Cloud Controller API via a regression introduced by the fix for CVE-2017-8033 in CAPI-release 1.33.0 (only). A space developer can push a crafted app to execute arbitrary code on the Cloud Controller VM. The issue, tied to the same regression path as...
CVE-2017-8036
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 only. The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushin...