| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2019-3787 | UAA defaults email address to an insecure domain | Cloud Foundry | UAA Release (OSS) | High | - | 2019-06-19 22:28:07 | Deep Dive |
| CVE-2019-11271 | Bosh Deployment logs leak sensitive information | Cloud Foundry | BOSH | High | - | 2019-06-18 23:38:15 | Deep Dive |
| CVE-2019-3788 | UAA redirect-uri allows wildcard in the subdomain | Cloud Foundry | UAA Release (OSS) | Medium | - | 2019-04-25 20:17:37 | Deep Dive |
| CVE-2019-3801 | Java Projects using HTTP to fetch dependencies | Cloud Foundry | CredHub | Critical | - | 2019-04-25 20:17:37 | Deep Dive |
| CVE-2019-3786 | BBR could run arbitrary scripts on deployment VMs | Cloud Foundry | BOSH Backup and Restore | High | - | 2019-04-24 15:21:10 | Deep Dive |
| CVE-2019-3789 | Gorouter allows space developer to hijack route services hosted outside the platform | Cloud Foundry | CF Routing | Medium | - | 2019-04-24 15:21:10 | Deep Dive |
| CVE-2019-3798 | Escalation of Privileges in Cloud Controller | Cloud Foundry | CAPI-release | High | - | 2019-04-17 13:32:36 | Deep Dive |
| CVE-2019-3785 | Cloud Controller provides signed URL with write authorization to read only user | Cloud Foundry | CAPI | High | - | 2019-03-13 22:00:00 | Deep Dive |
| CVE-2019-3779 | Cloud Foundry Container Runtime allows a user to bypass security policy when talking to ETCD | Cloud Foundry | Cloud Foundry Container Runtime (CFCR) | High | - | 2019-03-08 16:00:00 | Deep Dive |
| CVE-2019-3780 | Cloud Foundry Container Runtime Leaks IAAS Credentials | Cloud Foundry | Cloud Foundry Container Runtime (CFCR) | High | - | 2019-03-08 16:00:00 | Deep Dive |
| CVE-2019-3775 | UAA allows users to modify their own email address | Cloud Foundry | UAA Release (OSS) | Medium | - | 2019-03-07 19:00:00 | Deep Dive |
| CVE-2019-3781 | CF CLI does not sanitize user's password in verbose/trace/debug | Cloud Foundry | CF CLI | High | - | 2019-03-07 19:00:00 | Deep Dive |
| CVE-2019-3783 | Cloud Foundry Stratos Deploys With Public Default Session Store Secret | Cloud Foundry | Stratos | High | - | 2019-03-07 19:00:00 | Deep Dive |
| CVE-2019-3784 | Cloud Foundry Stratos contains a Session Collision Vulnerability | Cloud Foundry | Stratos | Medium | - | 2019-03-07 19:00:00 | Deep Dive |
| CVE-2019-1003025 | CloudBees Jenkins Cloud Foundry Plugin information disclosure vulnerability | Jenkins project | Jenkins Cloud Foundry Plugin | High | - | 2019-02-20 21:00:00 | Deep Dive |
| CVE-2019-3782 | CredHub CLI writes environment variable credentials to disk | Cloud Foundry | CredHub CLI | High | - | 2019-02-13 16:00:00 | Deep Dive |
| CVE-2018-15754 | UAA can issue tokens across identity providers if users with matching usernames exist | Cloud Foundry | UAA Release | High | - | 2018-12-13 22:00:00 | Deep Dive |
| CVE-2018-15800 | Timing attack allows extraction of signing key in Bits Service | Cloud Foundry | Bits Service Release | Medium | - | 2018-12-10 19:00:00 | Deep Dive |
| CVE-2018-15797 | NFS Volume release errand leaks cf admin credentials in logs | Cloud Foundry | NFS Volume Release | High | - | 2018-12-05 18:00:00 | Deep Dive |
| CVE-2018-15761 | UAA Privilege Escalation | Cloud Foundry | UAA | High | - | 2018-11-19 14:00:00 | Deep Dive |