Vulnerabilities > Cloudfoundry > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-03-07 | CVE-2019-3783 | Insecure Default Initialization of Resource vulnerability in Cloudfoundry Stratos. Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. | 4.0 |
2019-03-07 | CVE-2019-3775 | Improper Authentication vulnerability in Cloudfoundry UAA Release. Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. | 4.0 |
2018-09-18 | CVE-2018-11084 | Unspecified vulnerability in Cloudfoundry Garden-Runc. Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. | 5.5 |
2018-07-11 | CVE-2016-0708 | Information Exposure vulnerability in Cloudfoundry Cf-Release and Java Buildpack. Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. | 4.3 |
2018-06-06 | CVE-2018-1269 | Improper Handling of Exceptional Conditions vulnerability in Cloudfoundry Loggregator. Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing certain http requests. | 4.0 |
2018-06-06 | CVE-2018-1268 | Improper Input Validation vulnerability in Cloudfoundry Loggregator. Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests. | 4.9 |
2018-06-06 | CVE-2018-1265 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products. Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. | 6.5 |
2018-05-23 | CVE-2018-1193 | Unspecified vulnerability in Cloudfoundry Cf-Deployment and Routing-Release. Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. | 5.0 |
2018-05-15 | CVE-2018-1262 | Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. | 6.5 |
2018-04-30 | CVE-2018-1277 | Resource Exhaustion vulnerability in Cloudfoundry Cf-Deployment and Garden-Runc. Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. | 4.0 |