10 matches found

added 2017/11/28 7:0 a.m. | 77 views

CVE-2017-14389

CVE-2017-14389 affects Cloud Foundry Foundation components capi-release (all versions < 1.45.0), cf-release (all versions < v280), and cf-deployment (all versions

CVSS 6.5 | AI score 6.3 | EPSS 0.00945

added 2017/10/24 5:0 p.m. | 58 views

CVE-2015-5173

CVE-2015-5173 corresponds to a Cloud Foundry security issue described in connected advisories as a weak password recovery/expired reset mechanism affecting cf-release <216, UAA <2.5.2, and PCF Elastic Runtime

CVSS 8.8 | AI score 9.2 | EPSS 0.01033

added 2017/10/24 5:0 p.m. | 53 views

CVE-2015-5170

CVE-2015-5170 affects Cloud Foundry components (cf-release before 216, UAA before 2.5.2, PCF Elastic Runtime before 1.7.0) and enables remote CSRF attacks on PWS by exploiting missing CSRF checks, potentially allowing an attacker to log a user into an arbitrary account. The connected records corr...

CVSS 8.8 | AI score 9.1 | EPSS 0.00757

added 2017/10/24 5:0 p.m. | 53 views

CVE-2015-5171

CVE-2015-5171 affects Cloud Foundry components (cf-release <216, UAA <2.5.2, PCF Elastic Runtime

CVSS 9.8 | AI score 9.7 | EPSS 0.01167

added 2017/07/25 4:0 a.m. | 52 views

CVE-2017-8033

The CVE-2017-8033 issue affects Cloud Foundry’s Cloud Controller API in capi-release v1.33.0+ and cf-release v268+ (pre-v1.35.0 and pre-v268 respectively), where a filesystem-traversal flaw lets a space developer write arbitrary files on the Cloud Controller VM by pushing a crafted app. The origi...

CVSS 7.8 | AI score 7.5 | EPSS 0.01018

added 2018/03/19 6:0 p.m. | 51 views

CVE-2018-1195

Cloud Controller (Cloud Foundry) is affected. The vulnerability (CVE-2018-1195) occurs when Cloud Controller versions prior to 1.46.0, cf-deployment prior to 1.3.0, and cf-release prior to 283 accept refresh tokens for authentication in contexts where an access token is expected. Root cause: refr...

CVSS 8.8 | AI score 8.7 | EPSS 0.0099

added 2017/10/24 5:0 p.m. | 50 views

CVE-2015-5172

CVE-2015-5172 affects Cloud Foundry Runtime: cf-release prior to 216, UAA prior to 2.5.2, and PCF Elastic Runtime prior to 1.7.0, due to failure to expire password reset links. Connected sources (GHSA/osv entries) corroborate the affected components and the weak password recovery mechanism, descr...

CVSS 9.8 | AI score 9.8 | EPSS 0.01167

added 2017/06/13 6:0 a.m. | 47 views

CVE-2016-8219

The CVE affects Cloud Foundry Foundation cf-release before 250 and CAPI-release before 1.12.0. The vulnerability arises because a SpaceAuditor can restage applications, enabling over-privileged actions that could cause application downtime if restaging fails. Mitigation is to upgrade cf-release t...

CVSS 6.5 | AI score 6.3 | EPSS 0.00974

added 2018/03/29 10:0 p.m. | 46 views

CVE-2016-6658

CVE-2016-6658 affects cf-release before 245. It allows configuring and pushing with a user-provided buildpack URL that may include credentials (basic auth or OAuth) to access a private buildpack. The buildpack URL is stored unencrypted, so an operator with privileged Cloud Controller DB access co...

CVSS 9.6 | AI score 9.2 | EPSS 0.00883

added 2018/04/18 4:0 p.m. | 45 views

CVE-2016-2169

Cloud Foundry CVE-2016-2169 affects Cloud Foundry Cloud Controller: capi-release versions before 1.0.0 and cf-release versions before v237. The issue is a business-logic flaw where an application could create a route that conflicts with a platform service route, causing traffic intended for the s...

CVSS 5.3 | AI score 5.2 | EPSS 0.01003