Vulnerabilities > Cloudfoundry
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK
---|---|---|---|---
2019-03-07 | CVE-2019-3784 | Session Fixation vulnerability in Cloudfoundry Stratos | Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. | 6.5
2019-03-07 | CVE-2019-3783 | Insecure Default Initialization of Resource vulnerability in Cloudfoundry Stratos | Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. | 8.8
2019-03-07 | CVE-2019-3781 | Information Exposure vulnerability in Cloudfoundry Command Line Interface | Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. | 8.8
2019-03-07 | CVE-2019-3775 | Improper Authentication vulnerability in Cloudfoundry UAA Release | Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. | 6.5
2019-02-13 | CVE-2019-3782 | Insufficiently Protected Credentials vulnerability in Cloudfoundry Credhub CLI | Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. | 7.8
2018-09-18 | CVE-2018-11084 | Unspecified vulnerability in Cloudfoundry Garden-Runc | Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. | 6.5
2018-07-11 | CVE-2016-0708 | Information Exposure vulnerability in Cloudfoundry Cf-Release and Java Buildpack | Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. | 5.9
2018-06-06 | CVE-2018-1269 | Improper Handling of Exceptional Conditions vulnerability in Cloudfoundry Loggregator | Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing certain http requests. | 6.5
2018-06-06 | CVE-2018-1268 | Improper Input Validation vulnerability in Cloudfoundry Loggregator | Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests. | 6.8
2018-06-06 | CVE-2018-1265 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products | Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. | 7.2