CVE-2019-11289
- EPSS 1.51%
- Veröffentlicht 19.11.2019 19:15:23
- Zuletzt bearbeitet 21.11.2024 04:20:51
Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.
CVE-2019-11283
- EPSS 1.46%
- Veröffentlicht 23.10.2019 16:15:11
- Zuletzt bearbeitet 21.11.2024 04:20:50
Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing ...
CVE-2019-11282
- EPSS 1.14%
- Veröffentlicht 23.10.2019 16:15:11
- Zuletzt bearbeitet 21.11.2024 04:20:50
Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about u...
CVE-2019-11277
- EPSS 1.71%
- Veröffentlicht 23.09.2019 18:15:11
- Zuletzt bearbeitet 21.11.2024 04:20:50
Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, fac...
CVE-2019-3801
- EPSS 0.59%
- Veröffentlicht 25.04.2019 21:29:00
- Zuletzt bearbeitet 21.11.2024 04:42:34
Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inje...
CVE-2018-1265
- EPSS 1.77%
- Veröffentlicht 06.06.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:29
Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell ...
CVE-2018-1193
- EPSS 1.11%
- Veröffentlicht 23.05.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:22
Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond...
CVE-2018-1262
- EPSS 1.34%
- Veröffentlicht 15.05.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:29
Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens whi...
CVE-2018-1277
- EPSS 1.12%
- Veröffentlicht 30.04.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:31
Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. A remote authenticated user may push an app with a malicious Docker image that will consume more space on a Diego cell than allocated...
CVE-2018-1191
- EPSS 0.93%
- Veröffentlicht 29.03.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:22
Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions using those credentials.