Vulnerabilities > Cloudfoundry

DATE CVE VULNERABILITY TITLE RISK
2019-08-09 CVE-2019-11274 Cross-site Scripting vulnerability in Cloudfoundry User Account and Authentication
Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack.
4.3
2019-04-25 CVE-2019-3801 Cleartext Transmission of Sensitive Information vulnerability in Cloudfoundry Cf-Deployment and Credhub
Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building.
network
low complexity
cloudfoundry CWE-319
5.0
2019-04-25 CVE-2019-3788 Open Redirect vulnerability in Cloudfoundry UAA Release
Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri.
5.8
2019-04-24 CVE-2019-3789 Improper Privilege Management vulnerability in Cloudfoundry Routing Release
Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform.
network
low complexity
cloudfoundry CWE-269
4.0
2019-04-24 CVE-2019-3786 Insufficient Verification of Data Authenticity vulnerability in Cloudfoundry Bosh Backup and Restore
Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH.
network
low complexity
cloudfoundry CWE-345
4.0
2019-04-17 CVE-2019-3798 Improper Authentication vulnerability in Cloudfoundry Capi-Release
Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions.
6.0
2019-03-13 CVE-2019-3785 Improper Privilege Management vulnerability in Cloudfoundry Capi-Release
Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization.
network
low complexity
cloudfoundry CWE-269
5.5
2019-03-08 CVE-2019-3780 Insufficiently Protected Credentials vulnerability in Cloudfoundry Container Runtime
Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contains a configuration file with IAAS credentials.
network
low complexity
cloudfoundry CWE-522
6.5
2019-03-08 CVE-2019-3779 Permissions, Privileges, and Access Controls vulnerability in Cloudfoundry Container Runtime
Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kubernetes clusters utilize the same CA (Certificate Authority) to sign and trust certs for ETCD as used by the Kubernetes API.
network
low complexity
cloudfoundry CWE-264
4.0
2019-03-07 CVE-2019-3784 Session Fixation vulnerability in Cloudfoundry Stratos
Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed.
network
low complexity
cloudfoundry CWE-384
4.0