Vulnerabilities > Cloudfoundry > CF Deployment > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-17 | CVE-2020-15586 | Race Condition vulnerability in multiple products Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. | 5.9 |
| 2020-02-27 | CVE-2020-5402 | Cross-Site Request Forgery (CSRF) vulnerability in Cloudfoundry Cf-Deployment In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers. | 6.8 |
| 2020-02-27 | CVE-2020-5400 | Information Exposure Through Log Files vulnerability in Cloudfoundry Cf-Deployment Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. | 4.0 |
| 2019-12-19 | CVE-2019-11294 | Incorrect Authorization vulnerability in Cloudfoundry Cf-Deployment Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins. | 4.0 |
| 2019-10-23 | CVE-2019-11283 | Information Exposure Through Log Files vulnerability in multiple products Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. | 4.0 |
| 2019-10-23 | CVE-2019-11282 | Injection vulnerability in multiple products Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. | 4.0 |
| 2019-09-23 | CVE-2019-11277 | Injection vulnerability in Cloudfoundry Cf-Deployment Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. | 5.5 |
| 2019-04-25 | CVE-2019-3801 | Cleartext Transmission of Sensitive Information vulnerability in Cloudfoundry Cf-Deployment and Credhub Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. | 5.0 |
| 2018-06-06 | CVE-2018-1265 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. | 6.5 |
| 2018-05-23 | CVE-2018-1193 | Unspecified vulnerability in Cloudfoundry Cf-Deployment and Routing-Release Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. | 5.0 |