Vulnerabilities > Cloudfoundry > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-08-09 | CVE-2019-11274 | Cross-site Scripting vulnerability in Cloudfoundry User Account and Authentication | Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. | 4.3 |
2019-04-25 | CVE-2019-3801 | Cleartext Transmission of Sensitive Information vulnerability in Cloudfoundry Cf-Deployment and Credhub | Cloud Foundry cf-deployment, versions prior to 7.9.0, contain Java components that are using an insecure protocol to fetch dependencies when building. | 5.0 |
2019-04-25 | CVE-2019-3788 | Open Redirect vulnerability in Cloudfoundry UAA Release | Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect URI. | 5.8 |
2019-04-24 | CVE-2019-3789 | Improper Privilege Management vulnerability in Cloudfoundry Routing Release | Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. | 4.0 |
2019-04-24 | CVE-2019-3786 | Insufficient Verification of Data Authenticity vulnerability in Cloudfoundry Bosh Backup and Restore | Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. | 4.0 |
2019-04-17 | CVE-2019-3798 | Improper Authentication vulnerability in Cloudfoundry Capi-Release | Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions. | 6.0 |
2019-03-13 | CVE-2019-3785 | Improper Privilege Management vulnerability in Cloudfoundry Capi-Release | Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization. | 5.5 |
2019-03-08 | CVE-2019-3780 | Insufficiently Protected Credentials vulnerability in Cloudfoundry Container Runtime | Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contain a configuration file with IAAS credentials. | 6.5 |
2019-03-08 | CVE-2019-3779 | Permissions, Privileges, and Access Controls vulnerability in Cloudfoundry Container Runtime | Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kubernetes clusters that utilize the same CA (Certificate Authority) to sign and trust certs for ETCD as used by the Kubernetes API. | 4.0 |
2019-03-07 | CVE-2019-3784 | Session Fixation vulnerability in Cloudfoundry Stratos | Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. | 4.0 |