Cloudfoundry vulnerabilities (High risk)

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor(s) | CWE | Risk score |
|---|---|---|---|---|---|---|---|---|
| 2024-06-10 | CVE-2024-22279 | HTTP Request Smuggling vulnerability in Cloudfoundry Cf-Deployment and Routing Release | Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at scale. | network | low | cloudfoundry | CWE-444 | 7.5 |
| 2023-05-19 | CVE-2023-20881 | Improper Certificate Validation vulnerability in Cloudfoundry Capi-Release, Cf-Deployment and Loggregator-Agent | Cloud Foundry instances with a CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may allow other users' syslog drain credentials to be overridden by anyone aware of the client certificate used for that syslog drain. | network | low | cloudfoundry | CWE-295 | 8.1 |
| 2020-12-02 | CVE-2020-5423 | Resource Exhaustion vulnerability in Cloudfoundry Capi-Release | CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM. | network | low | cloudfoundry | CWE-400 | 7.8 |
| 2019-11-26 | CVE-2019-11290 | Information Exposure Through Log Files vulnerability in Cloudfoundry Cf-Deployment | Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to Tomcat's access log file. | network | low | cloudfoundry | CWE-532 | 7.5 |
| 2019-11-19 | CVE-2019-11289 | Improper Input Validation vulnerability in Cloudfoundry Cf-Deployment | Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. | network | low | cloudfoundry | CWE-20 | 7.8 |
| 2019-09-26 | CVE-2019-11278 | Improper Input Validation vulnerability in Cloudfoundry User Account and Authentication | CF UAA versions prior to 74.1.0 allow external input to be queried against directly. | network | low | cloudfoundry | CWE-20 | 7.5 |
| 2017-10-24 | CVE-2015-5172 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in multiple products | Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links. | network | low | cloudfoundry, pivotal-software | CWE-640 | 7.5 |
| 2017-10-24 | CVE-2015-5171 | Insufficient Session Expiration vulnerability in multiple products | The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allows attackers to have unspecified impact by leveraging failure to expire existing sessions. | network | low | cloudfoundry, pivotal-software | CWE-613 | 7.5 |
| 2017-06-13 | CVE-2017-4992 | Improper Privilege Management vulnerability in multiple products | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.15, 24.x versions prior to v24.10, 30.x versions prior to 30.3, and other versions prior to v37. | network | low | pivotal-software, cloudfoundry | CWE-269 | 7.5 |
| 2017-06-13 | CVE-2016-8218 | Improper Input Validation vulnerability in Cloudfoundry Cf-Release and Routing-Release | An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. | network | low | cloudfoundry | CWE-20 | 7.5 |