Cloudfoundry Cloud Controller

By the Year

In 2026 there have been 0 vulnerabilities in Cloudfoundry Cloud Controller. Cloud Controller did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 0 0.00
2024 1 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 2 7.65
2019 2 6.20

It may take a day or so for new Cloud Controller vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Cloudfoundry Cloud Controller Security Vulnerabilities

Cloud Foundry Cloud Controller v1.194.0 - Arbitrary File Upload and Resource Leak Vulnerability
CVE-2024-38826 - November 11, 2024

Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller. The Cloud Foundry project recommends upgrading the following releases:

* Upgrade capi release version to 1.194.0 or greater
* Upgrade cf-deployment version to v44.1.0 or greater. This includes a patched capi release.

Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially resulting in the developer's app handling some requests
CVE-2020-5417 8.8 - High - August 21, 2020

Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially resulting in the developer's app handling some requests that were expected to go to certain system components.

Incorrect Permission Assignment for Critical Resource

Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run
CVE-2020-5400 6.5 - Medium - February 27, 2020

Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to resources protected by such credentials.

Insertion of Sensitive Information into Log File

Cloud Foundry Cloud Controller API (CAPI), version 1.88.0
CVE-2019-11294 4.3 - Medium - December 19, 2019

Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins.

AuthZ

Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization
CVE-2019-3785 8.1 - High - March 13, 2019

Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants the user write permissions to the bit-service.

Improper Privilege Management
