10 matches found
CVE-2017-14389
CVE-2017-14389 affects Cloud Foundry Foundation components capi-release (all versions < 1.45.0), cf-release (all versions < v280), and cf-deployment (all versions
CVE-2015-5173
CVE-2015-5173 corresponds to a Cloud Foundry security issue described in connected advisories as a weak password recovery/expired reset mechanism affecting cf-release <216, UAA <2.5.2, and PCF Elastic Runtime
CVE-2015-5170
CVE-2015-5170 affects Cloud Foundry components (cf-release before 216, UAA before 2.5.2, PCF Elastic Runtime before 1.7.0) and enables remote CSRF attacks on PWS by exploiting missing CSRF checks, potentially allowing an attacker to log a user into an arbitrary account. The connected records corr...
CVE-2015-5171
Ø CVE-2015-5171 affects Cloud Foundry components (cf-release <216, UAA <2.5.2, PCF Elastic Runtime
CVE-2017-8033
The CVE-2017-8033 issue affects Cloud Foundry’s Cloud Controller API in capi-release v1.33.0+ and cf-release v268+ (pre-v1.35.0 and pre-v268 respectively), where a filesystem-traversal flaw lets a space developer write arbitrary files on the Cloud Controller VM by pushing a crafted app. The origi...
CVE-2018-1195
Cloud Controller (Cloud Foundry) is affected. The vulnerability (CVE-2018-1195) occurs when Cloud Controller versions prior to 1.46.0, cf-deployment prior to 1.3.0, and cf-release prior to 283 accept refresh tokens for authentication in contexts where an access token is expected. Root cause: refr...
CVE-2015-5172
CVE-2015-5172 affects Cloud Foundry Runtime: cf-release prior to 216, UAA prior to 2.5.2, and PCF Elastic Runtime prior to 1.7.0, due to failure to expire password reset links. Connected sources (GHSA/osv entries) corroborate the affected components and the weak password recovery mechanism, descr...
CVE-2016-8219
The CVE affects Cloud Foundry Foundation cf-release before 250 and CAPI-release before 1.12.0. The vulnerability arises because a SpaceAuditor can restage applications, enabling over-privileged actions that could cause application downtime if restaging fails. Mitigation is to upgrade cf-release t...
CVE-2016-6658
CVE-2016-6658 affects cf-release before 245. It allows configuring and pushing with a user-provided buildpack URL that may include credentials (basic auth or OAuth) to access a private buildpack. The buildpack URL is stored unencrypted, so an operator with privileged Cloud Controller DB access co...
CVE-2016-2169
Cloud Foundry CVE-2016-2169 affects Cloud Foundry Cloud Controller: capi-release versions before 1.0.0 and cf-release versions before v237. The issue is a business-logic flaw where an application could create a route that conflicts with a platform service route, causing traffic intended for the s...