Aggregates CVE and security vulnerability intelligence across all Cloud Foundry-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk open redirect, vendor risk cross-site scripting, vendor risk csrf, and vendor risk sql injection and related problems; some flaws may lead to vendor impact unexpected behavior.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-15586 | Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. | [email protected] | 5.9 | 2.89% | 2020-07-17 | 2024-11-21 |
| CVE-2020-5402 | In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers. | [email protected] | 8.8 | 0.49% | 2020-02-27 | 2024-11-21 |
| CVE-2020-5401 | Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app. | [email protected] | 5.3 | 1.04% | 2020-02-27 | 2024-11-21 |
| CVE-2020-5400 | Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to resources protected by such credentials. | [email protected] | 6.5 | 0.75% | 2020-02-27 | 2024-11-21 |
| CVE-2020-5399 | Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components. | [email protected] | 7.4 | 0.53% | 2020-02-12 | 2024-11-21 |
| CVE-2019-11294 | Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins. | [email protected] | 4.3 | 0.78% | 2019-12-19 | 2024-11-21 |
| CVE-2019-11293 | Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided via query parameters. | [email protected] | 6.5 | 1.32% | 2019-12-06 | 2024-11-21 |
| CVE-2019-11290 | Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well. | [email protected] | 7.5 | 1.28% | 2019-11-26 | 2024-11-21 |
| CVE-2019-11289 | Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash. | [email protected] | 8.6 | 1.51% | 2019-11-19 | 2024-11-21 |
| CVE-2019-11283 | Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume. | [email protected] | 8.8 | 1.46% | 2019-10-23 | 2024-11-21 |
| CVE-2019-11282 | Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA. | [email protected] | 4.3 | 1.14% | 2019-10-23 | 2024-11-21 |
| CVE-2019-11279 | CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls. | [email protected] | 8.8 | 1.33% | 2019-09-26 | 2024-11-21 |
| CVE-2019-11278 | CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query, which leaks information that allows an escalation of privileges, ultimately allowing the malicious user to gain control of UAA scopes they should not have. | [email protected] | 8.8 | 1.34% | 2019-09-26 | 2024-11-21 |
| CVE-2019-11277 | Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny service or perform a dictionary attack. | [email protected] | 8.1 | 1.71% | 2019-09-23 | 2024-11-21 |
| CVE-2019-11274 | Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. A remote unauthenticated malicious attacker could craft a URL that contains a SCIM filter that contains malicious JavaScript, which older browsers may execute. | [email protected] | 6.1 | 0.80% | 2019-08-09 | 2024-11-21 |
| CVE-2019-3801 | Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component. | [email protected] | 9.8 | 0.59% | 2019-04-25 | 2024-11-21 |
| CVE-2019-3788 | Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the victim. | [email protected] | 8.7 | 0.83% | 2019-04-25 | 2024-11-21 |
| CVE-2019-3789 | Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that route to an app. When the gorouter receives traffic destined for the external route service, this traffic will instead be directed to the internal app using the shadow route. | [email protected] | 6.5 | 0.77% | 2019-04-24 | 2024-11-21 |
| CVE-2019-3786 | Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of a Bosh Backup and Restore job to request extra backup files from different jobs upon restore. The exploited hooks in this metadata script were only maintained in the cfcr-etcd-release, so clusters deployed with the BBR job for etcd in this release are vulnerable. | [email protected] | 7.1 | 0.59% | 2019-04-24 | 2024-11-21 |
| CVE-2019-3798 | Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions. A remote authenticated malicious user with the ability to create UAA clients and knowledge of the email of a victim in the foundation may escalate their privileges to that of the victim by creating a client with a name equal to the guid of their victim. | [email protected] | 6.0 | 1.36% | 2019-04-17 | 2024-11-21 |