CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3779 – Cloud Foundry Container Runtime allows a user to bypass security policy when talking to ETCD
https://notcve.org/view.php?id=CVE-2019-3779
08 Mar 2019 — Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kubernetes clusters utilize the same CA (Certificate Authority) to sign and trust certs for ETCD as used by the Kubernetes API. This could allow a user authenticated with a cluster to request a signed certificate leveraging the Kubernetes CSR capability to obtain a credential that could escalate privilege access to ETCD. Cloud Foundry Container Runtime, en versiones anteriores a la 0.29.0, despliega clústeres Kubernetes que utilizan la misma... • https://www.cloudfoundry.org/blog/cve-2019-3779 • CWE-264: Permissions, Privileges, and Access Controls CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3783 – Cloud Foundry Stratos Deploys With Public Default Session Store Secret
https://notcve.org/view.php?id=CVE-2019-3783
07 Mar 2019 — Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user. Cloud Foudry Stratos, en versiones anteriores a 2.3.0, se despliega con un secreto de almacenamiento de sesión por defecto. Un usuario malicioso con un secreto de almacenamiento de sesión por defecto puede realizar una ataque con fuerza bruta a la sesión Statos actual de o... • https://www.cloudfoundry.org/blog/cve-2019-3783 • CWE-384: Session Fixation CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3784 – Cloud Foundry Stratos contains a Session Collision Vulnerability
https://notcve.org/view.php?id=CVE-2019-3784
07 Mar 2019 — Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id. Cloud Foundry Stratos, en versiones anteriores a 2.3.0, contiene una sesión insegura que se podría suplantar. Al desplegarse en cloud foundry con múltiples instancias utilizando la base de datos SQLite embebida por ... • https://www.cloudfoundry.org/blog/cve-2019-3784 • CWE-384: Session Fixation •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3775 – UAA allows users to modify their own email address
https://notcve.org/view.php?id=CVE-2019-3775
07 Mar 2019 — Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user. Cloud Foundry UAA, en versiones anteriores a la v70.0, permite a un usuario actualizar su propia dirección de correo electrónico. Un usuario autenticado remoto puede suplantar a un usuario distinto, modificando su dirección de correo electrónico acon la de otro usuario. • https://www.cloudfoundry.org/blog/cve-2019-3775 • CWE-287: Improper Authentication CWE-290: Authentication Bypass by Spoofing •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3781 – CF CLI does not sanitize user's password in verbose/trace/debug
https://notcve.org/view.php?id=CVE-2019-3781
07 Mar 2019 — Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a users password. Cloud Foudry CLI, en versiones anteriores a v6.43.0, expone contraseñas de manera incorrecta cuando verbose/trace/debugging está habilitado. Un usuario no autenticado o un usuario remoto autenticado malicioso con acceso a los logs podría obtener parte o toda la contras... • http://www.securityfocus.com/bid/107365 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-215: Insertion of Sensitive Information Into Debugging Code •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3782 – CredHub CLI writes environment variable credentials to disk
https://notcve.org/view.php?id=CVE-2019-3782
13 Feb 2019 — Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify credentials stored in CredHub that are authorized to the targeted user. Cloud Foundry CredHub CLI, en versiones anteriores a la 2.2.1, escribe inadvertidamente credenciales de autenticación proporcionadas mediante var... • http://www.securityfocus.com/bid/107038 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11084 – Garden-runC prevents deletion of some app environments
https://notcve.org/view.php?id=CVE-2018-11084
18 Sep 2018 — Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with crafted file attributes to cause a denial of service for new app instances or scaling up of existing apps. Cloud Foundry Garden-runC release, en versiones anteriores a la 1.16.1, evita la eliminación de algunos entornos de aplicación basados en atributos de archivo. Un usuario autenticado remoto malicioso podrí... • https://www.cloudfoundry.org/blog/cve-2018-11084 •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0708
https://notcve.org/view.php?id=CVE-2016-0708
11 Jul 2018 — Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have been staged using automatic buildpack detection, passed through the Java Buildpack detection script, and allow the serving of static content from within the deployed artifact. The default Apache Tomcat configuration in the affected java buildpack versions fo... • https://www.cloudfoundry.org/blog/cve-2016-0708 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1269
https://notcve.org/view.php?id=CVE-2018-1269
06 Jun 2018 — Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing certain http requests. A remote authenticated user may construct malicious requests to cause the traffic controller to leave dangling TCP connections, which could cause denial of service. Cloud Foundry Loggregator, en versiones 89.x anteriores a la 89.5, versiones 96.x anteriores a la 96.1, versiones 99.x anterior... • https://www.cloudfoundry.org/blog/cve-2018-1269 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1265
https://notcve.org/view.php?id=CVE-2018-1265
06 Jun 2018 — Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego Cell. Cloud Foundry Diego, en versiones anteriores a la 2.8.0, no sanea correctamente las rutas de archivo en las cabeceras de archivos tar y zip. Un atacante remoto con privilegios de administrador CF puede subir ... • https://www.cloudfoundry.org/blog/cve-2018-1265 • CWE-434: Unrestricted Upload of File with Dangerous Type •