Lucene search

Cloudfoundry / Cf-deployment

8 matches found

CVE
added 2019/12/06 8:15 p.m. | 143 views

CVE-2019-11293

Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided via query parameters.

8.8 CVSS | 6.8 AI score | 0.00567 EPSS

CVE
added 2019/11/19 7:15 p.m. | 71 views

CVE-2019-11289

Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.

8.6 CVSS | 8.5 AI score | 0.00726 EPSS

CVE
added 2019/12/19 8:15 p.m. | 71 views

CVE-2019-11294

Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins.

4.3 CVSS | 4.6 AI score | 0.00228 EPSS

CVE
added 2019/11/26 12:15 a.m. | 70 views

CVE-2019-11290

Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to Tomcat's access file. If the query parameters are used to provide authentication, i.e., credentials, then they will be logged as well.

8.8 CVSS | 7.6 AI score | 0.00459 EPSS

CVE
added 2019/09/23 6:15 p.m. | 51 views

CVE-2019-11277

Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny s...

8.4 CVSS | 8.1 AI score | 0.00923 EPSS

CVE
added 2019/04/25 9:29 p.m. | 43 views

CVE-2019-3801

Cloud Foundry cf-deployment, versions prior to 7.9.0, contain Java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component.

9.8 CVSS | 9.3 AI score | 0.00071 EPSS

CVE
added 2019/10/23 4:15 p.m. | 41 views

CVE-2019-11283

Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume.

8.8 CVSS | 8.9 AI score | 0.00492 EPSS

CVE
added 2019/10/23 4:15 p.m. | 40 views

CVE-2019-11282

Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to a SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA.

4.3 CVSS | 4.3 AI score | 0.00303 EPSS