VYPR

Vendor CVEs

Cloudfoundry

All CVEs

227 total · sorted by risk
  • CVE-2018-1276MedMay 17, 2018
    risk 0.42cvss 6.5epss 0.01

    Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. A remote user with the ability to push apps can execute crafted commands to read the IaaS metadata from the VM, which may contain BOSH credentials.

  • CVE-2018-1277MedApr 30, 2018
    risk 0.42cvss 6.5epss 0.01

    Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. A remote authenticated user may push an app with a malicious Docker image that will consume more space on a Diego cell than allocated in their quota, potentially…

  • CVE-2017-14389MedNov 28, 2017
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an…

  • CVE-2016-8219MedJun 13, 2017
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with the SpaceAuditor role is over-privileged with the ability to restage applications. This could cause application downtime if the restage…

  • CVE-2016-5007HigMay 25, 2017
    risk 0.42cvss 7.5epss 0.03

    Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with…

  • CVE-2016-2165MedMay 25, 2017
    risk 0.42cvss 6.5epss 0.01

    The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow…

  • CVE-2015-1834MedMay 25, 2017
    risk 0.42cvss 6.5epss 0.02

    A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' of a given directory structure through…

  • CVE-2017-4969MedApr 20, 2017
    risk 0.42cvss 6.5epss 0.01

    The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks.

  • CVE-2017-4960HigMar 10, 2017
    risk 0.42cvss 7.5epss 0.02

    An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack.

  • CVE-2016-9878HigDec 29, 2016
    risk 0.42cvss 7.5epss 0.06

    An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

  • CVE-2017-8047MedOct 4, 2017
    risk 0.40cvss 6.1epss 0.01

    In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. An attacker could exploit this as a…

  • CVE-2017-4991HigJun 13, 2017
    risk 0.40cvss 7.2epss 0.01

    An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, and other versions prior to v3.17.0; and UAA bosh release (uaa-release) 13.x…

  • CVE-2017-4971MedJun 13, 2017
    risk 0.40cvss 5.9epss 0.16

    An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to malicious EL expressions in view states…

  • CVE-2017-4967MedJun 13, 2017
    risk 0.40cvss 6.1epss 0.02

    An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in…

  • CVE-2017-4965MedJun 13, 2017
    risk 0.40cvss 6.1epss 0.03

    An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in…

  • CVE-2016-0781MedMay 25, 2017
    risk 0.40cvss 6.1epss 0.01

    The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java…

  • CVE-2015-3190MedMay 25, 2017
    risk 0.40cvss 6.1epss 0.01

    With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect…

  • CVE-2016-0927MedSep 18, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-0926MedSep 18, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS…

  • CVE-2026-41009MedMay 27, 2026
    risk 0.38cvss 5.8epss 0.00

    When the director sends a long-running request (e.g. compile_package), the agent's reply JSON is consumed by AgentClient. inject_compile_log (line 332-339) reads response['value']['result']['compile_log_id'] and format_exception (line 318-325) reads exception['blobstore_id'];…

  • CVE-2016-0715MedSep 11, 2018
    risk 0.38cvss 5.9epss 0.01

    Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete…

  • CVE-2018-11045MedJul 11, 2018
    risk 0.38cvss 5.9epss 0.01

    Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running…

  • CVE-2016-0708MedJul 11, 2018
    risk 0.38cvss 5.9epss 0.02

    Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have been staged using…

  • CVE-2017-8039MedNov 27, 2017
    risk 0.38cvss 5.9epss 0.01

    An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to malicious EL expressions in view states…

  • CVE-2017-4970MedJun 13, 2017
    risk 0.38cvss 5.9epss 0.01

    An issue was discovered in Cloud Foundry Foundation cf-release v255 and Staticfile buildpack versions v1.4.0 - v1.4.3. A regression introduced in the Static file build pack causes the Staticfile.auth configuration to be ignored when the Static file file is not present in the…

  • CVE-2018-1257MedMay 11, 2018
    risk 0.36cvss 6.5epss 0.03

    Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker)…

  • CVE-2017-8032MedJul 10, 2017
    risk 0.36cvss 6.6epss 0.01

    In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions…

  • CVE-2016-6652MedOct 5, 2016
    risk 0.36cvss 5.6epss 0.01

    SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance…

  • CVE-2026-22723MedMar 5, 2026
    risk 0.35cvss 6.5epss 0.00

    Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0.

  • CVE-2025-22216MedJan 31, 2025
    risk 0.35cvss 5.4epss 0.00

    A UAA configured with multiple identity zones, does not properly validate session information across those zones. A User authenticated against a corporate IDP can re-use their jsessionid to access other zones.

  • CVE-2018-1193MedMay 23, 2018
    risk 0.35cvss 5.3epss 0.01

    Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.

  • CVE-2016-2169MedApr 18, 2018
    risk 0.35cvss 5.3epss 0.01

    Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended…

  • CVE-2017-4974MedJun 13, 2017
    risk 0.35cvss 6.5epss 0.01

    An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11, and other versions prior to v3.16.0; and UAA bosh release (uaa-release) 13.x…

  • CVE-2016-6636MedSep 30, 2016
    risk 0.35cvss 5.3epss 0.01

    The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops…

  • CVE-2024-38826MedNov 11, 2024
    risk 0.34cvss epss 0.00

    Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller. The Cloud Foundry project recommends upgrading the following releases: * Upgrade capi…

  • CVE-2026-41704MedMay 27, 2026
    risk 0.33cvss 5.0epss 0.00

    AgentClient#handle_method (lines 264-303) processes every NATS reply. It calls inject_compile_log (line 273) on every response, which reads response['value']['result']['compile_log_id'] (line 332-338) and passes it to download_and_delete_blob. Separately, any response containing…

  • CVE-2026-22726MedMay 1, 2026
    risk 0.33cvss 5.0epss 0.00

    Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on…

  • CVE-2018-11039MedJun 25, 2018
    risk 0.32cvss 5.9epss 0.03

    Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a…

  • CVE-2026-41847MedJun 9, 2026
    risk 0.31cvss 4.8epss 0.00

    Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL. Affected versions: Spring Framework 5.3.0 through 5.3.48.

  • CVE-2016-0713MedAug 31, 2017
    risk 0.31cvss 4.7epss 0.01

    Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests.

  • CVE-2016-5016MedApr 24, 2017
    risk 0.31cvss 5.9epss 0.01

    Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a…

  • CVE-2015-3192MedJul 12, 2016
    risk 0.29cvss 5.5epss 0.03

    Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

  • CVE-2024-38809MedSep 27, 2024
    risk 0.28cvss 5.3epss 0.01

    Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and…

  • CVE-2017-8031MedNov 27, 2017
    risk 0.28cvss 5.3epss 0.01

    An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). In some cases, the UAA allows an authenticated user for a particular client to revoke…

  • CVE-2024-38806LowJul 18, 2024
    risk 0.25cvss 3.9epss 0.00

    Failure to properly synchronize user's permissions in UAA in Cloud Foundry Foundation v40.17.0 https://github.com/cloudfoundry/cf-deployment/releases/tag/v40.17.0 , potentially resulting in users retaining access rights they should not have. This can allow them to perform…

  • CVE-2015-3189LowMay 25, 2017
    risk 0.17cvss 3.7epss 0.01

    With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This…

  • CVE-2026-47833Jun 18, 2026
    risk 0.00cvss epss 0.00

    setupBpmLogs follows symlink for bpm.log open and chown — container-to-host privilege escalation via /etc/shadow. A compromised process inside a bpm container can cause root to chown an arbitrary host file to vcap and append bpm JSON log lines to it. The chown alone lets the…

  • CVE-2026-22727Mar 17, 2026
    risk 0.00cvss epss 0.00

    Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below on all platforms allows any user who has bypassed the firewall to potentially replace droplets and therefore applications allowing them to access secure…

  • CVE-2025-22246May 13, 2025
    risk 0.00cvss epss 0.00

    Cloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulnerable to a private key exposure in logs.

  • CVE-2024-22279Jun 10, 2024
    risk 0.00cvss epss 0.00

    Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at scale.