Vulnerabilities > Cloudfoundry > CF Release > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-11 | CVE-2016-0708 | Information Exposure vulnerability in Cloudfoundry Cf-Release and Java Buildpack Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. | 5.9 |
| 2018-04-18 | CVE-2016-2169 | Code vulnerability in Cloudfoundry Capi-Release and Cf-Release Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. | 5.3 |
| 2018-01-04 | CVE-2018-1190 | Cross-site Scripting vulnerability in multiple products An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. | 6.1 |
| 2017-11-28 | CVE-2017-14389 | Unspecified vulnerability in Cloudfoundry Cf-Release An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). | 6.5 |
| 2017-11-27 | CVE-2017-8031 | Unspecified vulnerability in Cloudfoundry Cf-Release An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). | 5.3 |
| 2017-10-04 | CVE-2017-8047 | Open Redirect vulnerability in multiple products In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. | 6.1 |
| 2017-08-31 | CVE-2016-0713 | Cross-site Scripting vulnerability in Cloudfoundry Cf-Release Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests. | 4.7 |
| 2017-07-17 | CVE-2017-8034 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Cloudfoundry Capi-Release and Cf-Release The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. | 6.6 |
| 2017-06-13 | CVE-2017-4974 | SQL Injection vulnerability in multiple products An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11, and other versions prior to v3.16.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.13, 24.x versions prior to v24.8, and other versions prior to v30.1. | 6.5 |
| 2017-06-13 | CVE-2017-4970 | Unspecified vulnerability in Cloudfoundry Cf-Release and Staticfile Buildpack An issue was discovered in Cloud Foundry Foundation cf-release v255 and Staticfile buildpack versions v1.4.0 - v1.4.3. | 5.9 |