VYPR

SMB-volume release

by Cloudfoundry

Source repositories

CVEs (4)

  • CVE-2019-11283HigOct 23, 2019
    risk 0.57cvss 8.8epss 0.01

    Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of…

  • CVE-2026-41013HigJun 1, 2026
    risk 0.53cvss 8.1epss 0.00

    Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control…

  • CVE-2018-15797HigDec 5, 2018
    risk 0.48cvss 8.4epss 0.02

    Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the…

  • CVE-2023-20885MedJun 16, 2023
    risk 0.42cvss 6.5epss 0.01

    Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud FOundry cf-nfs-volume release.This issue affects Notifications: All versions prior to 63; SMB-volume release: All versions prior to 3.1.19; cf-nfs-volume release: 5.0.X versions prior to…