CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11278 – Privilege Escalation via Blind SCIM Injection in UAA
https://notcve.org/view.php?id=CVE-2019-11278
26 Sep 2019 — CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query, which leaks information that allows an escalation of privileges, ultimately allowing the malicious user to gain control of UAA scopes they should not have. CF UAA versiones anteriores a 74.1.0, permite que la entrada externa sea consultada directamente. Un usuario malicioso remoto con "client.write" y "groups.update" puede diseñar una c... • https://www.cloudfoundry.org/blog/cve-2019-11278 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2019-11277 – Volume Services is vulnerable to an LDAP injection attack
https://notcve.org/view.php?id=CVE-2019-11277
23 Sep 2019 — Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny service or perform a dictionary attack. Cloud Foundry NFS Volume Service, versiones 1.7.x anteriores a 1.7.11 y versiones 2.x anteriores a 2.3.0, es vulnerable a la inyección LDAP. Un desarrollador de espacio malic... • https://www.cloudfoundry.org/blog/cve-2019-11277 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11274 – UAA SCIM Filter XSS
https://notcve.org/view.php?id=CVE-2019-11274
09 Aug 2019 — Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. A remote unauthenticated malicious attacker could craft a URL that contains a SCIM filter that contains malicious JavaScript, which older browsers may execute. Cloud Foundry UAA, versiones anteriores a 74.0.0, es vulnerable a un ataque de tipo XSS. Un atacante malicioso remoto no autenticado podría crear una URL que contenga un filtro SCIM que contenga JavaScript malicioso, que los navegadores más antiguos pueden ejecutar. • https://www.cloudfoundry.org/blog/cve-2019-11274 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-3801 – Java Projects using HTTP to fetch dependencies
https://notcve.org/view.php?id=CVE-2019-3801
25 Apr 2019 — Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component. Cloud Foundry cf-deployment versiones anteriores a 7.9.0, contiene componentes java que son empleados en un protocolo inseguro cuando se construyen dependencias. Un atacante malicioso remoto sin autenticar, podría secuestrar... • http://www.securityfocus.com/bid/108104 • CWE-319: Cleartext Transmission of Sensitive Information CWE-494: Download of Code Without Integrity Check •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3788 – UAA redirect-uri allows wildcard in the subdomain
https://notcve.org/view.php?id=CVE-2019-3788
25 Apr 2019 — Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the victim. La versión UAA de Cloud Foundry, en versiones anteriores a la 71.0, permite a los clientes ser configurados con un uri de redirección inseguro. Dado que un cliente UAA se configuró con un comodín en el subdo... • https://www.cloudfoundry.org/blog/cve-2019-3788 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3789 – Gorouter allows space developer to hijack route services hosted outside the platform
https://notcve.org/view.php?id=CVE-2019-3789
24 Apr 2019 — Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that route to an app. When the gorouter receives traffic destined for the external route service, this traffic will instead be directed to the internal app using the shadow route. Cloud Foundry Routing Release, todas la... • https://www.cloudfoundry.org/blog/cve-2019-3789 • CWE-269: Improper Privilege Management CWE-840: Business Logic Errors •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3786 – BBR could run arbitrary scripts on deployment VMs
https://notcve.org/view.php?id=CVE-2019-3786
24 Apr 2019 — Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of a Bosh Backup and Restore job to request extra backup files from different jobs upon restore. The exploited hooks in this metadata script were only maintained in the cfcr-etcd-release, so clusters deployed with the BBR job for etcd in this release are vulnerable. Cloud Foundry BOSH Backup y Restore CLI, todas ... • https://www.cloudfoundry.org/blog/cve-2019-3786 • CWE-269: Improper Privilege Management CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3798 – Escalation of Privileges in Cloud Controller
https://notcve.org/view.php?id=CVE-2019-3798
17 Apr 2019 — Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions. A remote authenticated malicious user with the ability to create UAA clients and knowledge of the email of a victim in the foundation may escalate their privileges to that of the victim by creating a client with a name equal to the guid of their victim. Cloud Foundry Cloud Controller API Release, versiones anteriores a la 1.79.0, contiene una autenticación incorrecta al va... • http://www.securityfocus.com/bid/108095 • CWE-287: Improper Authentication •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3785 – Cloud Controller provides signed URL with write authorization to read only user
https://notcve.org/view.php?id=CVE-2019-3785
13 Mar 2019 — Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants the user write permissions to the bit-service. Cloud Foundry Cloud Controller, en versiones anteriores a la 1.78.0, contiene un endpoint con autorización incorrecta. Un usuario autenticado remoto con permisos de lectura puede solicitar información de paquetes y re... • http://www.securityfocus.com/bid/107514 • CWE-269: Improper Privilege Management CWE-285: Improper Authorization •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3780 – Cloud Foundry Container Runtime Leaks IAAS Credentials
https://notcve.org/view.php?id=CVE-2019-3780
08 Mar 2019 — Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contains a configuration file with IAAS credentials. A malicious user with access to the k8s nodes can obtain IAAS credentials allowing the user to escalate privileges to gain access to the IAAS account. Cloud Foundry Container Runtime, en versiones anteriores a la 0.28.0, despliega los nodos "K8s worker" que contienen un archivo de configuración con credenciales IAAS. Un usuario malicioso con acceso a los nodos k8s pue... • http://www.securityfocus.com/bid/107434 • CWE-260: Password in Configuration File CWE-522: Insufficiently Protected Credentials •