VYPR

NFS Volume Service

by Cloudfoundry

Source repositories

CVEs (2)

  • CVE-2019-11277Sep 23, 2019
    risk 0.00cvss epss 0.02

    Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space…

  • CVE-2018-15797Dec 5, 2018
    risk 0.00cvss epss 0.02

    Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the…