VYPR

Cloud Controller

by Cloudfoundry

CVEs (5)

  • CVE-2016-5006CriMay 2, 2017
    risk 0.64cvss 9.8epss 0.01

    The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors.

  • CVE-2018-1195HigMar 19, 2018
    risk 0.57cvss 8.8epss 0.01

    In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would…

  • CVE-2018-1266HigMar 27, 2018
    risk 0.53cvss 8.1epss 0.01

    Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. An authenticated malicious user can predict the location of application blobs and leverage path traversal to create a malicious application that has the…

  • CVE-2015-1834MedMay 25, 2017
    risk 0.42cvss 6.5epss 0.02

    A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' of a given directory structure through…

  • CVE-2016-2169MedApr 18, 2018
    risk 0.35cvss 5.3epss 0.01

    Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended…