3 matches found
CVE-2015-1834
CVE-2015-1834 is a path-traversal vulnerability in the Cloud Foundry Cloud Controller. Affected products include cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime prior to 1.4.2. The root cause is path traversal via user-supplied file path parameters (e.g., ../ sequences...
CVE-2016-0713
The CVE-2016-0713 entry applies to Cloud Foundry Gorouter in cf-release versions 141–228, where a cross-site scripting (XSS) vulnerability can be exploited when an attacker modifies requests, enabling potential MITM-like behavior and unauthorized operations. Publicly documented impact is XSS via ...
CVE-2016-8218
CVE-2016-8218 affects Cloud Foundry’s routing-release (versions prior to 0.142.0) and cf-release (203–231). The issue is incomplete validation in JSON Web Token (JWT) libraries, enabling unprivileged attackers to impersonate other users to the routing API. Remediation: upgrade routing-release to ...