VYPR

CAPI

by Cloudfoundry

CVEs (3)

  • CVE-2023-20881May 19, 2023
    risk 0.00cvss epss 0.00

    Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This…

  • CVE-2021-22100Mar 25, 2022
    risk 0.00cvss epss 0.01

    In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that (accidentally or maliciously) causes CC instances to timeout and fail is possible. An attacker can leverage this vulnerability to cause an inability for…

  • CVE-2020-5417Aug 21, 2020
    risk 0.00cvss epss 0.01

    Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive…