Vulnerabilities > Cloudfoundry

DATE CVE VULNERABILITY TITLE RISK
2019-03-07 CVE-2019-3784 Session Fixation vulnerability in Cloudfoundry Stratos
Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed.
network
low complexity
cloudfoundry CWE-384
6.5
2019-03-07 CVE-2019-3783 Insecure Default Initialization of Resource vulnerability in Cloudfoundry Stratos
Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret.
network
low complexity
cloudfoundry CWE-1188
8.8
2019-03-07 CVE-2019-3781 Information Exposure vulnerability in Cloudfoundry Command Line Interface
Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on.
network
low complexity
cloudfoundry CWE-200
8.8
2019-03-07 CVE-2019-3775 Improper Authentication vulnerability in Cloudfoundry UAA Release
Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address.
network
low complexity
cloudfoundry CWE-287
6.5
2019-02-13 CVE-2019-3782 Insufficiently Protected Credentials vulnerability in Cloudfoundry Credhub CLI
Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file.
local
low complexity
cloudfoundry CWE-522
7.8
2018-09-18 CVE-2018-11084 Unspecified vulnerability in Cloudfoundry Garden-Runc
Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes.
network
low complexity
cloudfoundry
6.5
2018-07-11 CVE-2016-0708 Information Exposure vulnerability in Cloudfoundry Cf-Release and Java Buildpack
Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details.
network
high complexity
cloudfoundry CWE-200
5.9
2018-06-06 CVE-2018-1269 Improper Handling of Exceptional Conditions vulnerability in Cloudfoundry Loggregator
Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing certain http requests.
network
low complexity
cloudfoundry CWE-755
6.5
2018-06-06 CVE-2018-1268 Improper Input Validation vulnerability in Cloudfoundry Loggregator
Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests.
network
high complexity
cloudfoundry CWE-20
6.8
2018-06-06 CVE-2018-1265 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers.
network
low complexity
pivotal-software cloudfoundry CWE-434
7.2