Vulnerabilities > Cloudfoundry > Capi Release > 1.25.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-19 | CVE-2018-1195 | Insufficient Session Expiration vulnerability in Cloudfoundry Cf-Release In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. | 6.5 |
| 2017-11-28 | CVE-2017-14389 | Unspecified vulnerability in Cloudfoundry Capi-Release An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). | 4.0 |
| 2017-08-21 | CVE-2017-8037 | Information Exposure vulnerability in Cloudfoundry Capi-Release and Cf-Release In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. | 5.0 |
| 2017-07-25 | CVE-2017-8035 | Information Exposure vulnerability in Cloudfoundry Capi-Release and Cf-Release An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. | 5.0 |
| 2017-07-25 | CVE-2017-8033 | Path Traversal vulnerability in Cloudfoundry Capi-Release and Cf-Release An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. | 6.8 |
| 2017-07-17 | CVE-2017-8034 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Cloudfoundry Capi-Release, Cf-Release and Routing-Release The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. | 6.0 |