Cf-deployment Security Vulnerabilities and Issues — Cf-deployment CVE List

Lucene search

CloudfoundryCf-deployment

3 matches found

CVE•added 2018/03/19 6:29 p.m.•41 views

CVE-2018-1221

In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial...

8.1CVSS7.9AI score0.00376EPSS

CVE•added 2018/03/19 6:29 p.m.•37 views

CVE-2018-1195

In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be insuffic...

8.8CVSS8.7AI score0.00287EPSS

CVE•added 2018/03/29 8:29 p.m.•31 views

CVE-2018-1191

Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions using those credentials.

8.8CVSS8.3AI score0.00364EPSS