6 matches found
CVE-2026-41860
CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelpercreateasyncendpoint and sendhttpgetrequestsynchronous hard-code OpenSSL::SSL::VERIFY_NONE, enabling an attacker to intercept traffic between bosh-monitor and the BOSH...
GHSA-J4P3-2M2H-CV5F Cloud Foundry UAA Denial of Service through client token revocation endpoint
An issue was discovered in Cloud Foundry Foundation cf-release all versions prior to v279 and UAA 30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1. In some cases, the UAA allows an authenticated user for a particular client to revoke client tokens for other...
PT-2019-12221 · Cloud Foundry · Cloud Foundry Uaa
Name of the Vulnerable Software and Affected Versions: Cloud Foundry UAA versions prior to 74.0.0 Description: The issue allows a remote unauthenticated malicious attacker to craft a URL that contains a SCIM filter with malicious JavaScript. This JavaScript may be executed by older browsers,...
Cloud Foundry UAA Authorization Issues Vulnerability
Cloud Foundry UAA is an authentication and managed service endpoint for the Cloud Foundry Cloud Platform. An authorization issue vulnerability exists in Cloud Foundry UAA versions prior to v70.0. An attacker could exploit this vulnerability to impersonate another user by changing their address to...
CVE-2018-1223
Cloud Foundry Container Runtime kubo-release, versions prior to 0.14.0, may leak UAA and vCenter credentials to application logs. A malicious user with the ability to read the application logs could use these credentials to escalate privileges...
Pivotal Cloud Foundry Multiple Product Design Vulnerabilities
Pivotal Cloud Foundry (PCF) Runtime cf-release and others are products of Pivotal Software, Inc. PCF is an open source Platform-as-a-Service (PaaS) cloud computing platform that provides container scheduling, continuous delivery, and automated service deployment. cf-release is a release of PCF. UAA i...