Cloud Foundry — Vulnerabilities & Security Advisories 71

Browse all 71 CVE security advisories affecting Cloud Foundry. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2019-11270 | UAA clients.write vulnerability — UAA Release (OSS) | CWE-269 | 7.5 | - | 2019-08-05 |
| CVE-2019-3794 | UAA - Login app subject to clickjacking attack — UAA Release (OSS) | CWE-284 | 6.1 | - | 2019-07-18 |
| CVE-2019-11268 | UAA SQL Identity Zone Vulnerability — UAA Release (OSS) | CWE-200 | 6.5 | - | 2019-07-11 |
| CVE-2019-3787 | UAA defaults email address to an insecure domain — UAA Release (OSS) | CWE-840 | 9.8 | - | 2019-06-19 |
| CVE-2019-11271 | Bosh Deployment logs leak sensitive information — BOSH | CWE-532 | 7.1 | - | 2019-06-18 |
| CVE-2019-3801 | Java Projects using HTTP to fetch dependencies — CredHub | CWE-494 | 9.8 | - | 2019-04-25 |
| CVE-2019-3788 | UAA redirect-uri allows wildcard in the subdomain — UAA Release (OSS) | CWE-601 | 6.1 | - | 2019-04-25 |
| CVE-2019-3786 | BBR could run arbitrary scripts on deployment VMs — BOSH Backup and Restore | CWE-269 | 7.1 | - | 2019-04-24 |
| CVE-2019-3789 | Gorouter allows space developer to hijack route services hosted outside the platform — CF Routing | CWE-840 | 8.1 | - | 2019-04-24 |
| CVE-2019-3798 | Escalation of Privileges in Cloud Controller — CAPI-release | CWE-287 | 7.5 | - | 2019-04-17 |
| CVE-2019-3785 | Cloud Controller provides signed URL with write authorization to read only user — CAPI | CWE-285 | 8.1 | - | 2019-03-13 |
| CVE-2019-3779 | Cloud Foundry Container Runtime allows a user to bypass security policy when talking to ETCD — Cloud Foundry Container Runtime (CFCR) | CWE-284 | 8.8 | - | 2019-03-08 |
| CVE-2019-3780 | Cloud Foundry Container Runtime Leaks IAAS Credentials — Cloud Foundry Container Runtime (CFCR) | CWE-260 | 8.8 | - | 2019-03-08 |
| CVE-2019-3781 | CF CLI does not sanitize user's password in verbose/trace/debug — CF CLI | CWE-215 | 8.8 | - | 2019-03-07 |
| CVE-2019-3783 | Cloud Foundry Stratos Deploys With Public Default Session Store Secret — Stratos | CWE-384 | 8.8 | - | 2019-03-07 |
| CVE-2019-3784 | Cloud Foundry Stratos contains a Session Collision Vulnerability — Stratos | CWE-384 | 8.1 | - | 2019-03-07 |
| CVE-2019-3775 | UAA allows users to modify their own email address — UAA Release (OSS) | CWE-290 | 8.1 | - | 2019-03-07 |
| CVE-2019-3782 | CredHub CLI writes environment variable credentials to disk — CredHub CLI | CWE-522 | 7.8 | - | 2019-02-13 |
| CVE-2018-15754 | UAA can issue tokens across identity providers if users with matching usernames exist — UAA Release | | 8.1 | - | 2018-12-13 |
| CVE-2018-15800 | Timing attack allows extraction of signing key in Bits Service — Bits Service Release | | 6.8 | - | 2018-12-10 |
| CVE-2018-15797 | NFS Volume release errand leaks cf admin credentials in logs — NFS Volume Release | | 8.8 | - | 2018-12-05 |
| CVE-2018-15761 | UAA Privilege Escalation — UAA | | 8.8 | - | 2018-11-19 |
| CVE-2018-15796 | Signing Key Extraction in Bits Service Release — bits-service-release | | 8.1 | - | 2018-11-09 |
| CVE-2018-15755 | CF networking internal policy server SQL injection — CF Networking Release | | 8.8 | - | 2018-10-12 |
| CVE-2018-11082 | Cloud Foundry UAA MFA does not prevent brute force of MFA code — UAA Release | | 7.5 | - | 2018-10-05 |
| CVE-2018-11083 | Bosh accepts refresh tokens in place of an access token — BOSH | | 8.1 | - | 2018-10-05 |
| CVE-2018-1264 | Log Cache logs UAA client secret on startup — log-cache-release | | 8.8 | - | 2018-10-05 |
| CVE-2018-11084 | Garden-runC prevents deletion of some app environments — Garden-runC | | 7.1 | - | 2018-09-18 |
| CVE-2018-1223 | Cloud Foundry Container Runtime security vulnerability — Container Runtime | | 8.8 | - | 2018-09-17 |
| CVE-2018-11047 | Cloud Foundry UAA security vulnerability — Cloud Foundry UAA | | 9.8 | - | 2018-07-24 |

This page lists every published CVE security advisory associated with Cloud Foundry. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.