
17 matches found

ATTACKERKB
added 6 days ago | 6 views

CVE-2026-41013

Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...

8.1 CVSS | 5.9 AI score | 0.00032 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 6 days ago | 7 views

PT-2026-45516

Name of the Vulnerable Software and Affected Versions: smb-volume-release versions prior to v3.60.0; CF Deployment versions prior to v56.0.0. Description: An input validation bypass exists in the SMB volume mount handling within CloudFoundry Foundation diego-release. This allows a low-privileged CF...

8.1 CVSS | 5.9 AI score | 0.00032 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-2971

Malware in sbrugna...

8.8 CVSS | 8.8 AI score | 0.00467 EPSS
Exploits: 0 | References: 2

OSV
added 2023/06/16 1:15 p.m. | 1 views

CVE-2023-20885

Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud Foundry cf-nfs-volume release. This issue affects Notifications: All versions prior to 63; SMB-volume release: All versions prior to 3.1.19; cf-nfs-volume release: 5.0.X versions prior to 5.0.27, 7.1.X versions...

6.5 CVSS | 5.8 AI score | 0.00243 EPSS
Exploits: 0 | References: 1

NVD
added 2023/06/16 1:15 p.m. | 13 views

CVE-2023-20885

Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud Foundry cf-nfs-volume release. This issue affects Notifications: All versions prior to 63; SMB-volume release: All versions prior to 3.1.19; cf-nfs-volume release: 5.0.X versions prior to 5.0.27, 7.1.X versions...

6.5 CVSS | 6.4 AI score | 0.00243 EPSS
Exploits: 0 | References: 1

Prion
added 2023/06/16 1:15 p.m. | 15 views

Design/Logic Flaw

Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud Foundry cf-nfs-volume release. This issue affects Notifications: All versions prior to 63; SMB-volume release: All versions prior to 3.1.19; cf-nfs-volume release: 5.0.X versions prior to 5.0.27, 7.1.X versions...

4 CVSS | 6.4 AI score | 0.00243 EPSS
Exploits: 0 | References: 1 | Affected Software: 3

CVE
added 2023/06/16 12:18 p.m. | 52 views

CVE-2023-20885

CVE-2023-20885 affects Cloud Foundry components: Notifications, SMB-volume, and cf-nfs-volume. The root issue is leakage of credentials through kernel audit logs, where arguments passed to binaries that access the filesystem can disclose admin/service credentials (e.g., cf auth --client-credentia...

6.5 CVSS | 6.3 AI score | 0.00243 EPSS
Exploits: 0 | References: 1 | Affected Software: 3

Cvelist
added 2023/06/16 12:18 p.m. | 12 views

CVE-2023-20885 CF workflows leak credentials in system audit logs

Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud Foundry cf-nfs-volume release. This issue affects Notifications: All versions prior to 63; SMB-volume release: All versions prior to 3.1.19; cf-nfs-volume release: 5.0.X versions prior to 5.0.27, 7.1.X versions...

6.5 CVSS | 6.6 AI score | 0.00243 EPSS
Exploits: 0 | References: 1

Cloud Foundry
added 2023/06/15 12:0 a.m. | 19 views

CVE-2023-20885: CF workflows leak credentials in system audit logs | Cloud Foundry

Severity: Medium. Vendor: Cloud Foundry Foundation. Description: Cloud Foundry team found that the kernel audit logging is enabled on some components due to which various lifecycle workflows in the platform that use admin or service credentials in invocations of binaries are picked up by the audit...

6.5 CVSS | 6.4 AI score | 0.00243 EPSS
Exploits: 0 | Affected Software: 3

Cloud Foundry
added 2019/12/16 12:0 a.m. | 32 views

CVE-2019-17596: x509 parsing in Golang can cause panic | Cloud Foundry

Severity: High. Vendor: Cloud Foundry Foundation. Description: Various Cloud Foundry components are written in Go and are therefore vulnerable to a denial of service attack. Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public...

7.5 CVSS | 7.4 AI score | 0.0234 EPSS
Exploits: 1

NVD
added 2019/10/23 4:15 p.m. | 9 views

CVE-2019-11283

Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume...

8.8 CVSS | 8.9 AI score | 0.00467 EPSS
Exploits: 0 | References: 1

OSV
added 2019/10/23 4:15 p.m. | 11 views

CVE-2019-11283

Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume...

8.8 CVSS | 7.2 AI score | 0.00467 EPSS
Exploits: 0 | References: 1

Prion
added 2019/10/23 4:15 p.m. | 9 views

Default credentials

Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume...

4 CVSS | 8.8 AI score | 0.00467 EPSS
Exploits: 0 | References: 1 | Affected Software: 2

CVE
added 2019/10/23 3:32 p.m. | 48 views

CVE-2019-11283

Cloud Foundry SMB Volume (versions prior to 2.0.3) leaks credentials to logs. The SMB driver writes usernames and passwords for recently created volumes into log files, enabling a remote user with log access to take control of the affected SMB Volumes. According to the sources, the vulnerability ...

8.8 CVSS | 8.9 AI score | 0.00467 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/10/23 3:32 p.m. | 14 views

CVE-2019-11283 Password leak in smbdriver logs

Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume...

8.8 CVSS | 8.9 AI score | 0.00467 EPSS
Exploits: 0 | References: 1

Symantec
added 2019/10/22 12:0 a.m. | 19 views

Cloud Foundry SMB Volume CVE-2019-11283 Information Disclosure Vulnerability

Description: Cloud Foundry SMB Volume is prone to an information disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Technologies Affected: Cloud Foundry SMB Volume 1.0.0; Cloud Foundry SMB Volume 1.1.0; Cloud Foundry...

1.2 AI score | 0.00467 EPSS
Exploits: 0 | References: 1 | Affected Software: 4

Cloud Foundry
added 2019/10/22 12:0 a.m. | 50 views

CVE-2019-11283: Password leak in smbdriver logs | Cloud Foundry

Severity: High. Vendor: Cloud Foundry Foundation. Description: Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created...

8.8 CVSS | 9 AI score | 0.00467 EPSS
Exploits: 0