Known Vulnerabilities for products from Cloudfoundry
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Cloudfoundry".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Additional device specifications by Cloudfoundry can be found at device.report: Cloudfoundry
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-34041 | Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticate... | 5.3 - MEDIUM | 2023-09-08 | 2023-09-14 |
| CVE-2023-20903 | This disclosure regards a vulnerability related to UAA refresh tokens and external identity providers. Assuming that an extern... | 4.3 - MEDIUM | 2023-03-28 | 2023-04-06 |
| CVE-2023-20882 | In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0, a bug in the gorouter process can lead to a denia... | 5.9 - MEDIUM | 2023-05-26 | 2023-06-02 |
| CVE-2023-20881 | Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other use... | 8.1 - HIGH | 2023-05-19 | 2023-05-26 |
| CVE-2022-31733 | Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, apps are accessib... | 9.1 - CRITICAL | 2023-02-03 | 2023-02-10 |
| CVE-2021-22115 | Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config fiel... | 6.5 - MEDIUM | 2021-04-08 | 2021-04-14 |
| CVE-2021-22101 | Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of Service (DoS) vulnerability allowing un... | 7.5 - HIGH | 2021-10-27 | 2021-10-29 |
| CVE-2021-22100 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.3 - MEDIUM | 2022-03-25 | 2022-04-04 |
| CVE-2021-22098 | UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. A malicious user can exploit the open r... | 6.1 - MEDIUM | 2021-08-11 | 2021-08-19 |
| CVE-2021-22001 | In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was revealed in response when del... | 7.5 - HIGH | 2021-07-22 | 2021-08-04 |
| CVE-2020-15586 | Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseP... | 5.9 - MEDIUM | 2020-07-17 | 2023-11-07 |
| CVE-2020-5423 | CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated ma... | 7.5 - HIGH | 2020-12-02 | 2020-12-04 |
| CVE-2020-5420 | Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a malicious developer with "cf push" access to cause denial-... | 7.7 - HIGH | 2020-09-03 | 2020-09-11 |
| CVE-2020-5418 | Cloud Foundry CAPI (Cloud Controller) versions prior to 1.98.0 allow authenticated users having only the "cloud_controller.re... | 4.3 - MEDIUM | 2020-09-03 | 2020-09-11 |
| CVE-2020-5417 | Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the sy... | 8.8 - HIGH | 2020-08-21 | 2021-08-17 |
| CVE-2020-5416 | Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of... | 6.5 - MEDIUM | 2020-08-21 | 2021-06-07 |
| CVE-2020-5402 | In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being chec... | 8.8 - HIGH | 2020-02-27 | 2020-03-03 |
| CVE-2020-5401 | Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid h... | 5.3 - MEDIUM | 2020-02-27 | 2020-03-03 |
| CVE-2020-5400 | Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which ... | 6.5 - MEDIUM | 2020-02-27 | 2021-08-17 |
| CVE-2020-5399 | Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A ... | 7.4 - HIGH | 2020-02-12 | 2020-02-27 |
Known software with vulnerabilities from Cloudfoundry
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Cloudfoundry | Bosh Backup And Restore | 0.1.0 |
| Application | Cloudfoundry | Capi-release | 1.0.0 |
| Application | Cloudfoundry | Cf-deployment | 0.0.0 |
| Application | Cloudfoundry | Cf-mysql-release | 1 |
| Application | Cloudfoundry | Cf-release | 100 |
| Hardware | Cloudfoundry | Cloud Controller | - |
| Application | Cloudfoundry | Cloud Controller | 1.78.0 |
| Application | Cloudfoundry | Command Line Interface | 0.0.1 |
| Application | Cloudfoundry | Container Runtime | 0.0.1 |
| Application | Cloudfoundry | Credhub | 0.1.0 |
| Application | Cloudfoundry | Credhub Cli | 0.1.0 |
| Application | Cloudfoundry | Garden | 0.22.0 |
| Application | Cloudfoundry | Garden-runc | 0.0.0 |
| Application | Cloudfoundry | Gorouter | 0.206.0 |
| Application | Cloudfoundry | Java Buildpack | 1.0 |
| Application | Cloudfoundry | Loggregator | 100 |
| Application | Cloudfoundry | Nfs Volume Release | 0.0.0 |
| Application | Cloudfoundry | Routing-release | 0.118.0 |
| Application | Cloudfoundry | Routing Release | 0.118.0 |
| Application | Cloudfoundry | Staticfile Buildpack | 0.2.0 |