Known Vulnerabilities for products from Cloudfoundry
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Cloudfoundry".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Cloudfoundry can be found at device.report : Cloudfoundry
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-22115 | Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config fiel... | 6.5 - MEDIUM | 2021-04-08 | 2021-04-14 |
| CVE-2021-22101 | Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of Service(DoS) vulnerability allowing un... | 7.5 - HIGH | 2021-10-27 | 2021-10-29 |
| CVE-2021-22100 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.3 - MEDIUM | 2022-03-25 | 2022-04-04 |
| CVE-2021-22098 | UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. A malicious user can exploit the open r... | 6.1 - MEDIUM | 2021-08-11 | 2021-08-19 |
| CVE-2021-22001 | In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was revealed in response when del... | 7.5 - HIGH | 2021-07-22 | 2021-08-04 |
| CVE-2020-15586 | Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseP... | 5.9 - MEDIUM | 2020-07-17 | 2023-11-07 |
| CVE-2020-5423 | CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated ma... | 7.5 - HIGH | 2020-12-02 | 2020-12-04 |
| CVE-2020-5420 | Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a malicious developer with "cf push" access to cause denial-... | 7.7 - HIGH | 2020-09-03 | 2020-09-11 |
| CVE-2020-5418 | Cloud Foundry CAPI (Cloud Controller) versions prior to 1.98.0 allow authenticated users having only the "cloud_controller.re... | 4.3 - MEDIUM | 2020-09-03 | 2020-09-11 |
| CVE-2020-5417 | Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the sy... | 8.8 - HIGH | 2020-08-21 | 2021-08-17 |
| CVE-2020-5416 | Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of... | 6.5 - MEDIUM | 2020-08-21 | 2021-06-07 |
| CVE-2020-5402 | In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being chec... | 8.8 - HIGH | 2020-02-27 | 2020-03-03 |
| CVE-2020-5401 | Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid h... | 5.3 - MEDIUM | 2020-02-27 | 2020-03-03 |
| CVE-2020-5400 | Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which ... | 6.5 - MEDIUM | 2020-02-27 | 2021-08-17 |
| CVE-2020-5399 | Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A ... | 7.4 - HIGH | 2020-02-12 | 2020-02-27 |
| CVE-2019-11294 | Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, includ... | 4.3 - MEDIUM | 2019-12-19 | 2021-08-17 |
| CVE-2019-11293 | Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when s... | 6.5 - MEDIUM | 2019-12-06 | 2019-12-12 |
| CVE-2019-11290 | Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. If the query param... | 7.5 - HIGH | 2019-11-26 | 2023-11-07 |
| CVE-2019-11289 | Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated maliciou... | 8.6 - HIGH | 2019-11-19 | 2020-01-03 |
| CVE-2019-11283 | Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user wit... | 8.8 - HIGH | 2019-10-23 | 2021-08-17 |
Known software with vulnerabilities from Cloudfoundry
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Cloudfoundry | Bosh Backup And Restore | 0.1.0 |
| Application | Cloudfoundry | Capi-release | 1.0.0 |
| Application | Cloudfoundry | Cf-deployment | 0.0.0 |
| Application | Cloudfoundry | Cf-mysql-release | 1 |
| Application | Cloudfoundry | Cf-release | 68 |
| Hardware | Cloudfoundry | Cloud Controller | - |
| Application | Cloudfoundry | Command Line Interface | 0.0.1 |
| Application | Cloudfoundry | Container Runtime | 0.0.1 |
| Application | Cloudfoundry | Credhub | 0.1.0 |
| Application | Cloudfoundry | Credhub Cli | 0.1.0 |
| Application | Cloudfoundry | Garden | 0.22.0 |
| Application | Cloudfoundry | Garden-runc | 0.0.0 |
| Application | Cloudfoundry | Gorouter | 0.206.0 |
| Application | Cloudfoundry | Java Buildpack | 1.0 |
| Application | Cloudfoundry | Loggregator | 65 |
| Application | Cloudfoundry | Nfs Volume Release | 0.0.0 |
| Application | Cloudfoundry | Routing Release | 0.62.0 |
| Application | Cloudfoundry | Routing-release | 0.62.0 |
| Application | Cloudfoundry | Staticfile Buildpack | 0.2.0 |
| Application | Cloudfoundry | Stratos | 0.9.0 |