CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-2169
https://notcve.org/view.php?id=CVE-2016-2169
18 Apr 2018 — Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for the service. Cloud Foundry Cloud Controller, capi-release en versiones anteriores a la 1.0.0 y cf-release en versiones anteriores a la v237, contienen un error de lógica de negocio. Un desarrollador de aplicaciones puede crear una ... • https://github.com/cloudfoundry/cloud_controller_ng/issues/568 • CWE-17: DEPRECATED: Code •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1266
https://notcve.org/view.php?id=CVE-2018-1266
27 Mar 2018 — Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. An authenticated malicious user can predict the location of application blobs and leverage path traversal to create a malicious application that has the ability to overwrite arbitrary files on the Cloud Controller instance. Cloud Foundry Cloud Controller, en versiones anteriores a la 1.52.0, contiene vulnerabilidades de revelación de información y salto de directorio. Un usuario mali... • https://www.cloudfoundry.org/blog/cve-2018-1266 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-330: Use of Insufficiently Random Values •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1195
https://notcve.org/view.php?id=CVE-2018-1195
19 Mar 2018 — In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be insufficient to obtain an access token, either due to lack of client credentials or revocation, would allow authentication. En Cloud Controller, en versiones anteriores a la 1.46.0, versiones cf-deployment anteriores a la... • https://www.cloudfoundry.org/blog/cve-2018-1195 • CWE-613: Insufficient Session Expiration •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-14389
https://notcve.org/view.php?id=CVE-2017-14389
28 Nov 2017 — An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that belongs to a different user in a different org and space, aka an "Application Subdomain Takeover." Se ha descubierto un problema en Cloud Foundry Foundation capi-release (todas las versiones anteriores a la 1.4... • https://www.cloudfoundry.org/cve-2017-14389 •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2017-8048
https://notcve.org/view.php?id=CVE-2017-8048
03 Oct 2017 — In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275. En las versiones de la 1.33.0 hasta la 1.42.0 del desarrollo capi-release y las versiones de la 268 hasta la 274 (... • https://www.cloudfoundry.org/cve-2017-8048 •
CVSS: 7.5EPSS: 0%CPEs: 56EXPL: 0CVE-2017-8037
https://notcve.org/view.php?id=CVE-2017-8037
21 Aug 2017 — In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure. En Cloud Foundry Foundation CAPI-release en versiones poste... • http://www.securityfocus.com/bid/100448 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-8033
https://notcve.org/view.php?id=CVE-2017-8033
25 Jul 2017 — An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a specially crafted application that can write arbitrary files to the Cloud Controller VM. Se ha descubierto en la API Cloud Controller en Cloud Foundry Foundation CAPI-release en versiones anteriores a 1.35.0 y las versio... • https://www.cloudfoundry.org/cve-2017-8033 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-8035
https://notcve.org/view.php?id=CVE-2017-8035
25 Jul 2017 — An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation. Se ha descubierto en la API Cloud Controller en Cloud Foundry Foundation CAPI-release en versiones posteriores a 1.6.0 y anteriores a 1.35.0 y las versiones cf-release posterior... • https://www.cloudfoundry.org/cve-2017-8035 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-8036
https://notcve.org/view.php?id=CVE-2017-8036
24 Jul 2017 — An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 (only). The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. Se ha descubierto un problema en la API Cloud Controller en Cloud Foundry Foundation CAPI-release 1.33.0. La solución original para CVE-2017-8033 en CAPI-release 1.33.0 introduce... • http://www.securityfocus.com/bid/100002 •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2017-8034
https://notcve.org/view.php?id=CVE-2017-8034
17 Jul 2017 — The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations, zone administrators are able to escalate their privileges. El controlador y el enrutador de nube en Cloud Foundry (publicación de CAPI versiones de capi anteriores a v1.32.0, publicación de enrutamiento versión anterior a v0.159.0,... • https://www.cloudfoundry.org/cve-2017-8034 • CWE-565: Reliance on Cookies without Validation and Integrity Checking •