Cloud Foundry — Vulnerabilities & Security Advisories 71

Browse all 71 CVE security advisories affecting Cloud Foundry. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-22734 | Cloud Foundry UAA SAML 2.0 Signature Bypass — UUA | CWE-290 | 8.6 | High | 2026-04-16 |
| CVE-2025-22246 | CVE-2025-22246 – UAA Private Key Exposure — UAA | - | 3.0 | Low | 2025-05-13 |
| CVE-2025-22216 | CVE-2025-22216 UAA Missing Zone Validation — Cloud Foundry UAA | - | 5.4 | Medium | 2025-01-31 |
| CVE-2024-38826 | CVE-2024-38826 Cloud Controller Denial of Service Attack — Cloud Foundry | - | 6.5 (AI) | Medium (AI) | 2024-11-11 |
| CVE-2024-37082 | Cloud Foundry Security Vulnerability — haproxy-boshrelease | CWE-290 | 9.1 | Critical | 2024-07-03 |
| CVE-2024-22279 | GoRouter Denial of Service Attack — Routing Release | CWE-444 | 5.9 | Medium | 2024-06-10 |
| CVE-2023-34061 | CVE-2023-34061 – Gorouter route pruning — Routing Release | - | 7.5 | High | 2024-01-12 |
| CVE-2023-34041 | CVE-2023-34041-Abuse of HTTP Hop-by-Hop Headers in Cloud Foundry Gorouter — Routing | - | 5.3 | Medium | 2023-09-08 |
| CVE-2023-20885 | CF workflows leak credentials in system audit logs — Notifications | - | 6.5 | Medium | 2023-06-16 |
| CVE-2020-5423 | Cloud Controller is vulnerable to denial of service via YAML parsing — CAPI | CWE-400 | 7.5 | - | 2020-12-02 |
| CVE-2020-5422 | UAA password may appear in BOSH System Metrics Server process arguments — BOSH System Metrics Server | CWE-214 | 6.5 | - | 2020-10-02 |
| CVE-2020-5420 | Gorouter is vulnerable to DoS attack via invalid HTTP responses — Routing | CWE-754 | 7.7 | - | 2020-09-03 |
| CVE-2020-5418 | Cloud Controller allows users with no roles to list droplets — CAPI | CWE-863 | 4.3 | - | 2020-09-03 |
| CVE-2020-5417 | Cloud Controller may allow developers to claim sensitive routes — CAPI | CWE-732 | 8.1 | - | 2020-08-21 |
| CVE-2020-5416 | CF clusters with NGINX in front of them may be vulnerable to DoS — Routing | CWE-404 | 7.5 | - | 2020-08-21 |
| CVE-2020-5402 | UAA fails to check the state parameter when authenticating with external IDPs — UAA | CWE-352 | 8.8 | - | 2020-02-27 |
| CVE-2020-5401 | Cloud Foundry GoRouter is vulnerable to cache poisoning — Routing | CWE-393 | - | - | 2020-02-27 |
| CVE-2020-5400 | Cloud Controller logs environment variables from app manifests — CAPI | CWE-522 | 6.5 | - | 2020-02-27 |
| CVE-2020-5399 | CredHub does not properly enable TLS for MySQL database connections — CredHub | CWE-319 | 8.7 | - | 2020-02-12 |
| CVE-2019-11294 | CAPI leaks service broker URLs and GUIDs to space developers — CAPI | CWE-200 | 4.3 | - | 2019-12-19 |
| CVE-2019-11293 | UAA logs all query parameters with debug logging level — UAA Release | CWE-532 | 6.5 | - | 2019-12-06 |
| CVE-2019-11290 | Cloud Foundry UAA logs query parameters in tomcat access file — UAA Release | CWE-532 | 7.5 | - | 2019-11-25 |
| CVE-2019-11289 | A forged route service request using an invalid nonce can cause the gorouter to panic and crash — Routing | CWE-20 | 8.6 | - | 2019-11-19 |
| CVE-2019-11283 | Password leak in smbdriver logs — SMB Volume | CWE-532 | 8.8 | - | 2019-10-23 |
| CVE-2019-11282 | UAA is vulnerable to a Blind SCIM injection leading to information disclosure — UAA Release | CWE-200 | 4.3 | - | 2019-10-23 |
| CVE-2019-11279 | Privilege Escalation via Scope Manipulation in UAA — UAA Release (OSS) | CWE-77 | 8.8 | - | 2019-09-26 |
| CVE-2019-11278 | Privilege Escalation via Blind SCIM Injection in UAA — UAA Release (OSS) | CWE-77 | 8.8 | - | 2019-09-26 |
| CVE-2019-11277 | Volume Services is vulnerable to an LDAP injection attack — CF NFS volume release | CWE-90 | 8.1 | - | 2019-09-23 |
| CVE-2019-11274 | UAA SCIM Filter XSS — UAA Release (OSS) | CWE-79 | 6.1 | - | 2019-08-09 |
| CVE-2019-3800 | CF CLI writes the client id and secret to config file — CF CLI Release | CWE-522 | 7.8 | - | 2019-08-05 |

This page lists every published CVE security advisory associated with Cloud Foundry. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.