Lucene search

Cloudfoundry Cf-release

6 matches found

added 2017/06/13 6:29 a.m., 42 views

CVE-2017-4992

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.15,...

CVSS 9.8, AI score 9.5, EPSS 0.00387

added 2017/10/24 5:29 p.m., 35 views

CVE-2015-5171

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allows attackers to have unspecified impact by leveraging failure to expire existing sessions.

CVSS 9.8, AI score 9.7, EPSS 0.00486

added 2017/10/24 5:29 p.m., 34 views

CVE-2015-5172

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.

CVSS 9.8, AI score 9.8, EPSS 0.00398

added 2017/06/13 6:29 a.m., 34 views

CVE-2016-6655

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to ex...

CVSS 9.8, AI score 9.7, EPSS 0.04683

added 2018/03/29 10:29 p.m., 33 views

CVE-2016-6658

Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the ...

CVSS 9.6, AI score 9.2, EPSS 0.0031

added 2017/06/13 6:29 a.m., 32 views

CVE-2016-8218

An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT...

CVSS 9.8, AI score 9.3, EPSS 0.00585