Vulnerabilities > Cloudfoundry > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-11 | CVE-2016-0708 | Information Exposure vulnerability in Cloudfoundry Cf-Release and Java Buildpack Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. | 5.9 |
| 2018-06-06 | CVE-2018-1269 | Improper Handling of Exceptional Conditions vulnerability in Cloudfoundry Loggregator Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing certain http requests. | 6.5 |
| 2018-06-06 | CVE-2018-1268 | Improper Input Validation vulnerability in Cloudfoundry Loggregator Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests. | 6.8 |
| 2018-05-23 | CVE-2018-1193 | Unspecified vulnerability in Cloudfoundry Routing-Release Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. | 5.3 |
| 2018-04-30 | CVE-2018-1277 | Resource Exhaustion vulnerability in Cloudfoundry Cf-Deployment and Garden-Runc Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. | 6.5 |
| 2018-04-18 | CVE-2016-2169 | Code vulnerability in Cloudfoundry Capi-Release and Cf-Release Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. | 5.3 |
| 2018-01-04 | CVE-2018-1190 | Cross-site Scripting vulnerability in multiple products An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. | 6.1 |
| 2017-11-28 | CVE-2017-14389 | Unspecified vulnerability in Cloudfoundry Cf-Release An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). | 6.5 |
| 2017-11-27 | CVE-2017-8031 | Unspecified vulnerability in Cloudfoundry Cf-Release An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). | 5.3 |
| 2017-10-04 | CVE-2017-8047 | Open Redirect vulnerability in multiple products In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. | 6.1 |