CVSS: 9.6EPSS: 0%CPEs: 4EXPL: 0CVE-2016-6658
https://notcve.org/view.php?id=CVE-2016-6658
29 Mar 2018 — Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller data... • https://pivotal.io/security/cve-2016-6658 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 36EXPL: 0CVE-2017-4959
https://notcve.org/view.php?id=CVE-2017-4959
13 Jun 2017 — An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges. Se ha descubierto un problema en Pivotal PCF Elastic Runtime, en versiones 1.8.x anteriores a la 1.8.29 y en versiones 1.9.x anteriores a la 1.9.7. Los desp... • http://www.securityfocus.com/bid/96218 •
CVSS: 9.8EPSS: 0%CPEs: 143EXPL: 0CVE-2017-4955
https://notcve.org/view.php?id=CVE-2017-4955
13 Jun 2017 — An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile. Se detectó un problema en las versiones de PCF Elastic Runtime de Pivotal versiones 1.6.x anteriores a 1.6.65, versiones 1.7.x anteriores a 1.7.48, versiones 1.8.x anteriores a 1.8.28 y versiones 1.9.x anteriores a 1.9.... • http://www.securityfocus.com/bid/97082 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.8EPSS: 0%CPEs: 123EXPL: 0CVE-2017-2773
https://notcve.org/view.php?id=CVE-2017-2773
13 Jun 2017 — An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an "Unauthenticated JWT signing algorithm in multiple components" issue. Se ha descubierto un problema en Pivotal PCF Elastic Runtime en version... • http://www.securityfocus.com/bid/97135 • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 43EXPL: 0CVE-2016-6657
https://notcve.org/view.php?id=CVE-2016-6657
16 Dec 2016 — An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later. Una vulnerabilidad de redirección abierta ha sido detectada con algunos componentes Pivotal Cloud Foundry Elastic Runtime. Los usuarios de las versiones afectadas deben aplicar ... • http://www.securityfocus.com/bid/94126 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •