CloudfoundryCapi-release

8 matches found

CVE
added 2017/11/28 7:29 a.m., 55 views

CVE-2017-14389

An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing route th...

CVSS 6.5, AI score 6.3, EPSS 0.00183

CVE
added 2017/07/25 4:29 a.m., 40 views

CVE-2017-8033

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a special...

CVSS 7.8, AI score 7.5, EPSS 0.00211

CVE
added 2017/01/13 9:59 a.m., 37 views

CVE-2016-9882

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log aggreg...

CVSS 7.5, AI score 7.4, EPSS 0.00372

CVE
added 2017/08/21 10:29 p.m., 37 views

CVE-2017-8037

In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI requ...

CVSS 7.5, AI score 7.6, EPSS 0.00381

CVE
added 2017/07/17 2:29 p.m., 36 views

CVE-2017-8034

The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations, zone administrator...

CVSS 6.6, AI score 6.5, EPSS 0.00472

CVE
added 2017/07/25 4:29 a.m., 33 views

CVE-2017-8035

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud C...

CVSS 7.5, AI score 7.4, EPSS 0.00381

CVE
added 2017/06/13 6:29 a.m., 32 views

CVE-2016-8219

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with the SpaceAuditor role is over-privileged with the ability to restage applications. This could cause application downtime if the restage fails.

CVSS 6.5, AI score 6.3, EPSS 0.00232

CVE
added 2017/07/24 6:29 p.m., 32 views

CVE-2017-8036

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 (only). The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushin...

CVSS 7.8, AI score 7.7, EPSS 0.00457