Vulnerabilities in Cloud Foundry

72 results
CVE-2019-3800 | MEDIUM | CF CLI writes the client id and secret to config file | EPSS 2.1%
CVE-2018-1264 | CRITICAL | Log Cache logs UAA client secret on startup | EPSS 1.8%
CVE-2018-15754 | MEDIUM | UAA can issue tokens across identity providers if users with matching usernames exist | EPSS 1.8%
CVE-2018-1265 | Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker | EPSS 1.8%
CVE-2018-15761 | CRITICAL | UAA Privilege Escalation | EPSS 1.7%
CVE-2019-11277 | HIGH | Volume Services is vulnerable to an LDAP injection attack | EPSS 1.7%
CVE-2018-15797 | HIGH | NFS Volume release errand leaks cf admin credentials in logs | EPSS 1.6%
CVE-2016-0708 | Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but | EPSS 1.6%
CVE-2019-11289 | HIGH | A forged route service request using an invalid nonce can cause the gorouter to panic and crash | EPSS 1.5%
CVE-2018-11083 | HIGH | Bosh accepts refresh tokens in place of an access token | EPSS 1.5%
CVE-2019-3780 | CRITICAL | Cloud Foundry Container Runtime Leaks IAAS Credentials | EPSS 1.5%
CVE-2019-11283 | HIGH | Password leak in smbdriver logs | EPSS 1.5%
CVE-2019-3798 | MEDIUM | Escalation of Privileges in Cloud Controller | EPSS 1.4%
CVE-2019-11278 | HIGH | Privilege Escalation via Blind SCIM Injection in UAA | EPSS 1.3%
CVE-2018-1262 | Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones | EPSS 1.3%
CVE-2019-11279 | HIGH | Privilege Escalation via Scope Manipulation in UAA | EPSS 1.3%
CVE-2019-3781 | HIGH | CF CLI does not sanitize user's password in verbose/trace/debug | EPSS 1.3%
CVE-2019-11293 | HIGH | UAA logs all query parameters with debug logging level | EPSS 1.3%
CVE-2019-3785 | MEDIUM | Cloud Controller provides signed URL with write authorization to read only user | EPSS 1.3%
CVE-2018-15755 | MEDIUM | CF networking internal policy server SQL injection | EPSS 1.3%