Vulnerabilities > Cloudfoundry > Low

DATE | CVE | VULNERABILITY TITLE | RISK

2019-12-06 | CVE-2019-11293 | Information Exposure Through Log Files vulnerability in Cloudfoundry Cf-Deployment | 3.5
Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter.

2019-03-07 | CVE-2019-3781 | Information Exposure vulnerability in Cloudfoundry Command Line Interface | 3.5
Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on.

2019-02-13 | CVE-2019-3782 | Insufficiently Protected Credentials vulnerability in Cloudfoundry Credhub CLI | 2.1
Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file.
local | low complexity | cloudfoundry | CWE-522

2018-03-29 | CVE-2018-1191 | Information Exposure vulnerability in Cloudfoundry Cf-Deployment and Garden-Runc-Release | 3.5
Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability.

2017-11-27 | CVE-2017-8031 | Unspecified vulnerability in Cloudfoundry Cf-Release | 3.5
An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1).
network | cloudfoundry

2016-12-23 | CVE-2016-6659 | Improper Authentication vulnerability in multiple products | 2.6
Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3 allow attackers to gain privileges by accessing UAA logs and subsequently running a specially crafted application that interacts with a configured SAML provider.
network | high complexity | cloudfoundry, pivotal-software | CWE-287