CVE-2018-1262
https://notcve.org/view.php?id=CVE-2018-1262
Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation. Cloud Foundry Foundation UAA, en versiones 4.12.X y 4.13.X, introdujo una característica que podría permitir el escalado de privilegios en zonas de identidad para clientes que realizan validación offline. Un administrador de zona podría configurar su zona para enviar tokens que suplanten otra zona, otorgando hasta privilegios de administrador en la zona suplantada a clientes que realizan la validación offline de tokens. • https://www.cloudfoundry.org/blog/cve-2018-1262 •
CVE-2016-6658
https://notcve.org/view.php?id=CVE-2016-6658
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials. Applications en cf-release, en versiones anteriores a la 245, puede configurarse e insertarse con un buildpack personalizado proporcionado por el usuario mediante una URL que señale al buildpack. • https://pivotal.io/security/cve-2016-6658 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-9880
https://notcve.org/view.php?id=CVE-2016-9880
The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker. El broker GemFire para Cloud Foundry, en versiones 1.6.x anteriores a la 1.6.5 y versiones 1.7.x anteriores a la 1.7.1, tiene múltiples endpoints de API que no requieren autenticación y que podrían usarse para obtener acceso al clúster gestionado por el broker. • http://www.securityfocus.com/bid/96146 https://pivotal.io/security/cve-2016-9880 • CWE-287: Improper Authentication •
CVE-2018-1192
https://notcve.org/view.php?id=CVE-2018-1192
In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event logs. An attacker can use the SessionID to impersonate a logged-in user. En Cloud Foundry Foundation cf-release en versiones anteriores a v285; cf-deployment anteriores a v1.7; UAA 4.5.x anteriores a 4.5.5, 4.8.x anteriores a 4.8.3 y 4.7.x anteriores a 4.7.4 y UAA-release 45.7.x anteriores a 45.7, 52.7.x anteriores a 52.7 y 53.3.x anteriores a 53.3, SessionID se registra en los logs de eventos de auditoría. Un atacante podría utilizar el SessionID para suplantar un usuario registrado. • https://www.cloudfoundry.org/blog/cve-2018-1192 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-5170
https://notcve.org/view.php?id=CVE-2015-5170
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks. Cloud Foundry Runtime cf-release en versiones anteriores a la 216, UAA en versiones anteriores a la 2.5.2 y Pivotal Cloud Foundry (PCF) Elastic Runtime en versiones anteriores a la 1.7.0 permite que atacantes remotos realicen ataques Cross-Site Request Forgery (CSRF) en PWS y registren un usuario en una cuenta arbitraria aprovechándose de la falta de chequeos contra CSRF. • http://www.securityfocus.com/bid/101579 https://pivotal.io/security/cve-2015-5170-5173 • CWE-352: Cross-Site Request Forgery (CSRF) •