Vulnerabilities > Cloudfoundry > CF Deployment
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-26 | CVE-2019-11290 | Information Exposure Through Log Files vulnerability in Cloudfoundry Cf-Deployment Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. | 7.5 |
| 2019-11-19 | CVE-2019-11289 | Improper Input Validation vulnerability in Cloudfoundry Routing-Release Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. | 8.6 |
| 2019-10-23 | CVE-2019-11283 | Information Exposure Through Log Files vulnerability in multiple products Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. | 8.8 |
| 2019-10-23 | CVE-2019-11282 | Injection vulnerability in multiple products Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. | 4.3 |
| 2019-09-23 | CVE-2019-11277 | Injection vulnerability in Cloudfoundry Cf-Deployment and NFS Volume Release Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. | 8.1 |
| 2019-04-25 | CVE-2019-3801 | Cleartext Transmission of Sensitive Information vulnerability in Cloudfoundry Cf-Deployment Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. | 9.8 |
| 2018-06-06 | CVE-2018-1265 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. | 7.2 |
| 2018-05-23 | CVE-2018-1193 | Unspecified vulnerability in Cloudfoundry Routing-Release Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. | 5.3 |
| 2018-05-15 | CVE-2018-1262 | Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. | 7.2 |
| 2018-04-30 | CVE-2018-1277 | Resource Exhaustion vulnerability in Cloudfoundry Cf-Deployment and Garden-Runc Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. | 6.5 |