Cf-release@* Security Vulnerabilities and Issues — Cf-release@* CVE List

Lucene search

CloudfoundryCf-release*

10 matches found

CVE•added 2017/11/28 7:29 a.m.•56 views

CVE-2017-14389

An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing route th...

6.5CVSS6.3AI score0.00183EPSS

CVE•added 2017/07/25 4:29 a.m.•41 views

CVE-2017-8033

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a special...

7.8CVSS7.5AI score0.00211EPSS

CVE•added 2017/10/24 5:29 p.m.•38 views

CVE-2015-5173

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage."

8.8CVSS9.2AI score0.00484EPSS

CVE•added 2017/10/24 5:29 p.m.•37 views

CVE-2015-5170

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks.

8.8CVSS9.1AI score0.00306EPSS

CVE•added 2018/03/19 6:29 p.m.•37 views

CVE-2018-1195

In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be insuffic...

8.8CVSS8.7AI score0.00287EPSS

CVE•added 2017/10/24 5:29 p.m.•36 views

CVE-2015-5171

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions.

9.8CVSS9.7AI score0.00486EPSS

CVE•added 2017/10/24 5:29 p.m.•35 views

CVE-2015-5172

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.

9.8CVSS9.8AI score0.00398EPSS

CVE•added 2018/03/29 10:29 p.m.•34 views

CVE-2016-6658

Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the ...

9.6CVSS9.2AI score0.0031EPSS

CVE•added 2017/06/13 6:29 a.m.•33 views

CVE-2016-8219

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with the SpaceAuditor role is over-privileged with the ability to restage applications. This could cause application downtime if the restage fails.

6.5CVSS6.3AI score0.00232EPSS

CVE•added 2018/04/18 4:29 p.m.•31 views

CVE-2016-2169

Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for the service.

5.3CVSS5.2AI score0.00237EPSS