Vulnerabilities > Cloudfoundry > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-19 | CVE-2019-11289 | Improper Input Validation vulnerability in Cloudfoundry Routing-Release. Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. | 8.6 |
2019-10-23 | CVE-2019-11283 | Information Exposure Through Log Files vulnerability in multiple products. Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. | 8.8 |
2019-09-26 | CVE-2019-11279 | Unspecified vulnerability in Cloudfoundry UAA Release. CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. | 8.8 |
2019-09-26 | CVE-2019-11278 | Unspecified vulnerability in Cloudfoundry User Account and Authentication. CF UAA versions prior to 74.1.0 allow external input to be directly queried against. | 8.8 |
2019-09-23 | CVE-2019-11277 | Injection vulnerability in Cloudfoundry Cf-Deployment and NFS Volume Release. Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. | 8.1 |
2019-04-24 | CVE-2019-3786 | Insufficient Verification of Data Authenticity vulnerability in Cloudfoundry Bosh Backup and Restore. Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. | 7.1 |
2019-04-17 | CVE-2019-3798 | Improper Authentication vulnerability in Cloudfoundry Capi-Release. Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions. | 7.5 |
2019-03-13 | CVE-2019-3785 | Improper Privilege Management vulnerability in Cloudfoundry Capi-Release. Cloud Foundry Cloud Controller, versions prior to 1.78.0, contains an endpoint with improper authorization. | 8.1 |
2019-03-08 | CVE-2019-3780 | Insufficiently Protected Credentials vulnerability in Cloudfoundry Container Runtime. Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contain a configuration file with IAAS credentials. | 8.8 |
2019-03-08 | CVE-2019-3779 | Permissions, Privileges, and Access Controls vulnerability in Cloudfoundry Container Runtime. Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kubernetes clusters that utilize the same CA (Certificate Authority) to sign and trust certs for ETCD as used by the Kubernetes API. | 8.8 |