
CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

27 Feb 2020 — Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app. • https://www.cloudfoundry.org/blog/cve-2020-5401 • CWE-393: Return of Wrong Status Code; CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSS: 8.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

27 Feb 2020 — Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to resources protected by such credentials. • https://www.cloudfoundry.org/blog/cve-2020-5400 • CWE-522: Insufficiently Protected Credentials; CWE-532: Insertion of Sensitive Information into Log File

CVSS: 7.6 | EPSS: 0% | CPEs: 2 | EXPL: 0

12 Feb 2020 — Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components. • https://www.cloudfoundry.org/blog/cve-2020-5399 • CWE-319: Cleartext Transmission of Sensitive Information

CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

19 Dec 2019 — Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins. • https://www.cloudfoundry.org/blog/cve-2019-11294 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-863: Incorrect Authorization

CVSS: 8.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

06 Dec 2019 — Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided via query parameters. • https://www.cloudfoundry.org/blog/cve-2019-11293 • CWE-532: Insertion of Sensitive Information into Log File

CVSS: 8.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

25 Nov 2019 — Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to Tomcat's access log file. If the query parameters are used to provide authentication, i.e. credentials, then they will be logged as well. • https://www.cloudfoundry.org/blog/cve-2019-11290 • CWE-532: Insertion of Sensitive Information into Log File

CVSS: 8.6 | EPSS: 0% | CPEs: 2 | EXPL: 0

19 Nov 2019 — Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash. • https://www.cloudfoundry.org/blog/cve-2019-11289 • CWE-20: Improper Input Validation

CVSS: 8.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

23 Oct 2019 — Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume. • https://www.cloudfoundry.org/blog/cve-2019-11283 • CWE-532: Insertion of Sensitive Information into Log File

CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

23 Oct 2019 — Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA. • https://www.cloudfoundry.org/blog/cve-2019-11282 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'); CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

26 Sep 2019 — CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls. • https://www.cloudfoundry.org/blog/cve-2019-11279 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')