This page lists publicly disclosed CVE vulnerabilities affecting cloudfoundry stratos (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2019-3784 | Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id. | [email protected] | 8.2 | 1.08% | 2019-03-07 | 2024-11-21 |
| CVE-2019-3783 | Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user. | [email protected] | 8.8 | 0.92% | 2019-03-07 | 2024-11-21 |