Cf-release Security Vulnerabilities and Issues — Cf-release CVE List

Lucene search

CloudfoundryCf-release

8 matches found

CVE•added 2017/10/04 1:29 a.m.•49 views

CVE-2017-8048

In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially cra...

7.8CVSS7.7AI score0.00418EPSS

CVE•added 2017/07/25 4:29 a.m.•40 views

CVE-2017-8033

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a special...

7.8CVSS7.5AI score0.00211EPSS

CVE•added 2017/06/13 6:29 a.m.•39 views

CVE-2017-4972

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12,...

7.5CVSS7.8AI score0.00278EPSS

CVE•added 2017/06/13 6:29 a.m.•38 views

CVE-2017-4991

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, and other versions prior to v3.17.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.14...

7.2CVSS6.9AI score0.0028EPSS

CVE•added 2017/01/13 9:59 a.m.•37 views

CVE-2016-9882

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log aggreg...

7.5CVSS7.4AI score0.00372EPSS

CVE•added 2017/08/21 10:29 p.m.•37 views

CVE-2017-8037

In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI requ...

7.5CVSS7.6AI score0.00381EPSS

CVE•added 2017/07/25 4:29 a.m.•33 views

CVE-2017-8035

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud C...

7.5CVSS7.4AI score0.00381EPSS

CVE•added 2017/05/25 5:29 p.m.•32 views

CVE-2016-0780

It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value to...

7.5CVSS7.4AI score0.00389EPSS