Cloudfoundry / Cf-deployment

9 matches found

CVE, added 2021/07/22 2:15 p.m., 179 views

CVE-2021-22001

In UAA versions prior to 75.3.0, sensitive information such as the relaying secret of the provider was revealed in the response when a deletion request for an identity provider (IdP) of type “oauth 1.0” was sent to the UAA server.

CVSS 7.5, AI score 7.3, EPSS 0.00322

CVE, added 2024/06/10 8:15 p.m., 90 views

CVE-2024-22279

Improper handling of requests in Routing Release > v0.273.0 and

CVSS 7.5, AI score 6.1, EPSS 0.00533

CVE, added 2020/12/02 2:15 a.m., 57 views

CVE-2020-5423

CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM.

CVSS 7.8, AI score 7.5, EPSS 0.00421

CVE, added 2018/05/15 8:29 p.m., 53 views

CVE-2018-1262

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin...

CVSS 7.2, AI score 7, EPSS 0.00428

CVE, added 2020/08/21 10:15 p.m., 49 views

CVE-2020-5416

Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP requests that may cause ...

CVSS 7.7, AI score 6.6, EPSS 0.00501

CVE, added 2020/09/03 1:15 a.m., 38 views

CVE-2020-5420

Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a malicious developer with "cf push" access to cause denial-of-service to the CF cluster by pushing an app that returns specially crafted HTTP responses that crash the Gorouters.

CVSS 7.7, AI score 7.4, EPSS 0.00175

CVE, added 2021/10/27 3:15 p.m., 38 views

CVE-2021-22101

Cloud Controller versions prior to 1.118.0 are vulnerable to an unauthenticated denial-of-service (DoS) vulnerability that allows unauthenticated attackers to cause denial of service by using REST HTTP requests with label_selectors on multiple V3 endpoints, generating an enormous SQL query.

CVSS 7.5, AI score 7.7, EPSS 0.0098

CVE, added 2018/06/06 8:29 p.m., 36 views

CVE-2018-1265

Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip file headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego C...

CVSS 7.2, AI score 6.9, EPSS 0.00682

CVE, added 2025/05/13 6:15 a.m., 34 views

CVE-2025-22246

Cloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulnerable to a private key exposure in logs.

CVSS 7.5, AI score 3.8, EPSS 0.00034