All 6 CVE vulnerabilities found in CAPI, with AI-generated Chinese analysis, references, and POCs.
Vendor: Cloud Foundry
| CVE ID | Title | CVSS | Severity | Paused |
|---|---|---|---|---|
| CVE-2020-5423 | Cloud Controller is vulnerable to denial of service via YAML parsing CWE-400 | 7.5 | - | 2020-12-02 |
| CVE-2020-5418 | Cloud Controller allows users with no roles to list droplets CWE-863 | 4.3 | - | 2020-09-03 |
| CVE-2020-5417 | Cloud Controller may allow developers to claim sensitive routes CWE-732 | 8.1 | - | 2020-08-21 |
| CVE-2020-5400 | Cloud Controller logs environment variables from app manifests CWE-522 | 6.5 | - | 2020-02-27 |
| CVE-2019-11294 | CAPI leaks service broker URLs and GUIDs to space developers CWE-200 | 4.3 | - | 2019-12-19 |
| CVE-2019-3785 | Cloud Controller provides signed URL with write authorization to read only user CWE-285 | 8.1 | - | 2019-03-13 |
All 6 known CVE vulnerabilities affecting CAPI with full Chinese analysis, references, and POCs where available.