5 matches found
CVE-2019-11294
Cloud Foundry Cloud Controller API CAPI, version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins...
CVE-2019-11294 CAPI leaks service broker URLs and GUIDs to space developers
Cloud Foundry Cloud Controller API CAPI, version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins...
CVE-2019-11294: CAPI leaks service broker URLs and GUIDs to space developers | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Description Cloud Foundry Cloud Controller API CAPI, version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins. Affected Cloud Foundry Products and...
CVE-2018-11086
Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin...
CVE-2017-14389
An issue was discovered in Cloud Foundry Foundation capi-release all versions prior to 1.45.0, cf-release all versions prior to v280, and cf-deployment all versions prior to v1.0.0. The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that...