Cloud Foundry Elastic Runtime@* Security Vulnerabilities and Issues — Cloud Foundry Elastic Runtime@* CVE List

Lucene search

Pivotal SoftwareCloud Foundry Elastic Runtime*

5 matches found

CVE•added 2017/10/24 5:29 p.m.•38 views

CVE-2015-5173

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage."

8.8CVSS9.2AI score0.00484EPSS

CVE•added 2017/10/24 5:29 p.m.•37 views

CVE-2015-5170

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks.

8.8CVSS9.1AI score0.00306EPSS

CVE•added 2017/10/24 5:29 p.m.•36 views

CVE-2015-5171

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions.

9.8CVSS9.7AI score0.00486EPSS

CVE•added 2017/10/24 5:29 p.m.•35 views

CVE-2015-5172

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.

9.8CVSS9.8AI score0.00398EPSS

CVE•added 2018/03/29 10:29 p.m.•34 views

CVE-2016-6658

Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the ...

9.6CVSS9.2AI score0.0031EPSS