CVE-2016-2169
https://notcve.org/view.php?id=CVE-2016-2169
Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for the service. Cloud Foundry Cloud Controller, capi-release en versiones anteriores a la 1.0.0 y cf-release en versiones anteriores a la v237, contienen un error de lógica de negocio. Un desarrollador de aplicaciones puede crear una aplicación con una ruta que entra en conflicto con una ruta de servicio de plataforma y recibir tráfico destinado al servicio. • https://github.com/cloudfoundry/cloud_controller_ng/issues/568 • CWE-17: DEPRECATED: Code •
CVE-2016-6658
https://notcve.org/view.php?id=CVE-2016-6658
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials. Applications en cf-release, en versiones anteriores a la 245, puede configurarse e insertarse con un buildpack personalizado proporcionado por el usuario mediante una URL que señale al buildpack. • https://pivotal.io/security/cve-2016-6658 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-1191
https://notcve.org/view.php?id=CVE-2018-1191
Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions using those credentials. Cloud Foundry Garden-runC, en versiones anteriores a la 1.11.0, contiene una vulnerabilidad de exposición de información. Un usuario con acceso a los registros de Garden podría ser capaz de obtener credenciales filtradas y realizar acciones autenticadas mediante el uso de esas credenciales. • https://www.cloudfoundry.org/blog/cve-2018-1191 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-215: Insertion of Sensitive Information Into Debugging Code •
CVE-2018-1221
https://notcve.org/view.php?id=CVE-2018-1221
In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial of service. En cf-deployment en versiones anteriores a la 1.14.0 y routing-release en versiones anteriores a la 0.172.0, Cloud Foundry Gorouter gestiona de manera incorrecta las peticiones WebSocket para AWS Application Load Balancers (ALBs) y otros HTTP-aware Load Balancers. Un usuario con privilegios de desarrollador podría emplear esta vulnerabilidad para robar datos o provocar una denegación de servicio (DoS). • https://www.cloudfoundry.org/blog/cve-2018-1221 • CWE-20: Improper Input Validation •
CVE-2018-1195
https://notcve.org/view.php?id=CVE-2018-1195
In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be insufficient to obtain an access token, either due to lack of client credentials or revocation, would allow authentication. En Cloud Controller, en versiones anteriores a la 1.46.0, versiones cf-deployment anteriores a la 1.3.0 y versiones cf-release anteriores a la 283, Cloud Controller acepta tokens de actualización para autenticación cuando se esperan tokens de acceso. Esto expone una vulnerabilidad donde un token de actualización que, de otra forma, sería insuficiente para obtener un token de acceso, permita la autenticación debido a la falta de credenciales o la revocación. • https://www.cloudfoundry.org/blog/cve-2018-1195 • CWE-613: Insufficient Session Expiration •