Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cloud Controller allows users with no roles to list droplets
Vulnerability Description
Cloud Foundry CAPI (Cloud Controller) versions prior to 1.98.0 allow authenticated users having only the "cloud_controller.read" scope, but no roles in any spaces, to list all droplets in all spaces (whereas they should see none).
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
Cloud Foundry 安全漏洞
Vulnerability Description
Cloud Foundry是美国Cloud Foundry基金会的一套开源的平台即服务(PaaS)云计算平台。该产品提供容器调度、持续交付和自动化服务部署等功能。Cloud Controller是其中的一款云控制器。Routing是其中的一个路由组件。 Cloud Foundry CAPI 1.98.0之前的版本存在安全漏洞,该漏洞是源于网络系统或产品中缺少身份验证、访问控制、权限管理等安全措施。允许经过身份验证的攻击者仅拥有cloud_controller就可以读取所有空间中的所有droplets。
CVSS Information
N/A
Vulnerability Type
N/A