Vulnerabilities > Cloudfoundry > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-08 | CVE-2023-34041 | Unspecified vulnerability in Cloudfoundry Routing-Release Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. | 5.3 |
| 2023-05-26 | CVE-2023-20882 | Unspecified vulnerability in Cloudfoundry Cf-Deployment and Routing Release In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. | 5.9 |
| 2023-03-28 | CVE-2023-20903 | Insufficient Session Expiration vulnerability in Cloudfoundry User Account and Authentication This disclosure regards a vulnerability related to UAA refresh tokens and external identity providers.Assuming that an external identity provider is linked to the UAA, a refresh token is issued to a client on behalf of a user from that identity provider, the administrator of the UAA deactivates the identity provider from the UAA. | 4.3 |
| 2022-03-25 | CVE-2021-22100 | Resource Exhaustion vulnerability in Cloudfoundry Capi-Release In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that (accidentally or maliciously) causes CC instances to timeout and fail is possible. | 5.3 |
| 2021-08-11 | CVE-2021-22098 | Open Redirect vulnerability in Cloudfoundry User Account and Authentication UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. | 6.1 |
| 2021-04-08 | CVE-2021-22115 | Insufficiently Protected Credentials vulnerability in Cloudfoundry Capi-Release Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. | 6.5 |
| 2020-09-03 | CVE-2020-5418 | Incorrect Authorization vulnerability in Cloudfoundry Capi-Release Cloud Foundry CAPI (Cloud Controller) versions prior to 1.98.0 allow authenticated users having only the "cloud_controller.read" scope, but no roles in any spaces, to list all droplets in all spaces (whereas they should see none). | 4.3 |
| 2020-08-21 | CVE-2020-5416 | Improper Resource Shutdown or Release vulnerability in Cloudfoundry Cf-Deployment Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP requests that may cause the Gorouters to be dropped from the NGINX backend pool. | 6.5 |
| 2020-07-17 | CVE-2020-15586 | Race Condition vulnerability in multiple products Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. | 5.9 |
| 2020-02-27 | CVE-2020-5401 | HTTP Request Smuggling vulnerability in Cloudfoundry Routing Release Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app. | 5.3 |