Vulnerabilities > Cloudfoundry > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-19 | CVE-2015-5350 | Improper Access Control vulnerability in Cloudfoundry Garden 0.22.0/0.329.0 In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system. | 7.5 |
| 2017-10-24 | CVE-2015-5173 | Information Exposure vulnerability in multiple products Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage." | 8.8 |
| 2017-10-24 | CVE-2015-5170 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks. | 8.8 |
| 2017-10-04 | CVE-2017-8048 | In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. | 7.8 |
| 2017-09-07 | CVE-2016-0732 | Improper Privilege Management vulnerability in multiple products The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors. | 8.8 |
| 2017-08-21 | CVE-2017-8037 | Information Exposure vulnerability in Cloudfoundry Capi-Release and Cf-Release In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. | 7.5 |
| 2017-07-25 | CVE-2017-8035 | Information Exposure vulnerability in Cloudfoundry Capi-Release and Cf-Release An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. | 7.5 |
| 2017-07-25 | CVE-2017-8033 | Path Traversal vulnerability in Cloudfoundry Capi-Release and Cf-Release An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. | 7.8 |
| 2017-07-24 | CVE-2017-8036 | Unspecified vulnerability in Cloudfoundry Capi-Release 1.33.0 An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 (only). | 7.8 |
| 2017-06-13 | CVE-2017-4994 | Improper Input Validation vulnerability in multiple products An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. | 7.5 |