CloudfoundryCapi-release

8 matches found

added 2020/12/02 2:15 a.m., 57 views

CVE-2020-5423

CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM.

CVSS 7.8 | AI score 7.5 | EPSS 0.00421

added 2017/07/25 4:29 a.m., 40 views

CVE-2017-8033

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a special...

CVSS 7.8 | AI score 7.5 | EPSS 0.00211

added 2021/10/27 3:15 p.m., 38 views

CVE-2021-22101

Cloud Controller versions prior to 1.118.0 are vulnerable to an unauthenticated denial-of-service (DoS) vulnerability allowing unauthenticated attackers to cause denial of service by using REST HTTP requests with label_selectors on multiple V3 endpoints by generating an enormous SQL query.

CVSS 7.5 | AI score 7.7 | EPSS 0.0098

added 2017/01/13 9:59 a.m., 37 views

CVE-2016-9882

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log aggreg...

CVSS 7.5 | AI score 7.4 | EPSS 0.00372

added 2017/08/21 10:29 p.m., 37 views

CVE-2017-8037

In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI requ...

CVSS 7.5 | AI score 7.6 | EPSS 0.00381

added 2017/07/25 4:29 a.m., 33 views

CVE-2017-8035

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud C...

CVSS 7.5 | AI score 7.4 | EPSS 0.00381

added 2017/07/24 6:29 p.m., 32 views

CVE-2017-8036

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 (only). The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushin...

CVSS 7.8 | AI score 7.7 | EPSS 0.00457

added 2019/04/17 2:29 p.m., 30 views

CVE-2019-3798

Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions. A remote authenticated malicious user with the ability to create UAA clients and knowledge of the email of a victim in the foundation may escalate their privilege...

CVSS 7.5 | AI score 6.7 | EPSS 0.01948