Vulnerabilities > Cloudfoundry > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-27 | CVE-2020-5400 | Information Exposure Through Log Files vulnerability in Cloudfoundry Cf-Deployment Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. | 6.5 |
| 2019-12-19 | CVE-2019-11294 | Incorrect Authorization vulnerability in Cloudfoundry Cf-Deployment Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins. | 4.3 |
| 2019-12-06 | CVE-2019-11293 | Information Exposure Through Log Files vulnerability in Cloudfoundry Cf-Deployment Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. | 6.5 |
| 2019-10-23 | CVE-2019-11282 | Injection vulnerability in multiple products Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. | 4.3 |
| 2019-08-09 | CVE-2019-11274 | Cross-site Scripting vulnerability in Cloudfoundry User Account and Authentication Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. | 6.1 |
| 2019-04-25 | CVE-2019-3788 | Open Redirect vulnerability in Cloudfoundry UAA Release Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. | 6.1 |
| 2019-04-24 | CVE-2019-3789 | Improper Privilege Management vulnerability in Cloudfoundry Routing Release Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. | 6.5 |
| 2019-03-07 | CVE-2019-3784 | Session Fixation vulnerability in Cloudfoundry Stratos Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. | 6.5 |
| 2019-03-07 | CVE-2019-3775 | Improper Authentication vulnerability in Cloudfoundry UAA Release Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. | 6.5 |
| 2018-09-18 | CVE-2018-11084 | Unspecified vulnerability in Cloudfoundry Garden-Runc Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. | 6.5 |