Cf-deployment Security Vulnerabilities and Issues — Cf-deployment CVE List

Lucene search

CloudfoundryCf-deployment

3 matches found

CVE•added 2019/12/19 8:15 p.m.•71 views

CVE-2019-11294

Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins.

4.3CVSS4.6AI score0.00228EPSS

CVE•added 2019/10/23 4:15 p.m.•40 views

CVE-2019-11282

Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA.

4.3CVSS4.3AI score0.00303EPSS

CVE•added 2020/09/03 1:15 a.m.•39 views

CVE-2020-5418

Cloud Foundry CAPI (Cloud Controller) versions prior to 1.98.0 allow authenticated users having only the "cloud_controller.read" scope, but no roles in any spaces, to list all droplets in all spaces (whereas they should see none).

4.3CVSS4.2AI score0.00171EPSS