Cloudfoundry Cloud Controller

By the Year

In 2024 there have been 0 vulnerabilities in Cloudfoundry Cloud Controller. Cloud Controller did not have any published security vulnerabilities last year.

Year    Vulnerabilities    Average Score
2024    0                  0.00
2023    0                  0.00
2022    0                  0.00
2021    0                  0.00
2020    2                  7.65
2019    2                  6.20
2018    0                  0.00

It may take a day or so for new Cloud Controller vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Cloudfoundry Cloud Controller Security Vulnerabilities

Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially resulting in the developer's app handling some requests

CVE-2020-5417 8.8 - High - August 21, 2020

Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially resulting in the developer's app handling some requests that were expected to go to certain system components.

Incorrect Permission Assignment for Critical Resource

Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run

CVE-2020-5400 6.5 - Medium - February 27, 2020

Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to resources protected by such credentials.

Insertion of Sensitive Information into Log File

Cloud Foundry Cloud Controller API (CAPI), version 1.88.0

CVE-2019-11294 4.3 - Medium - December 19, 2019

Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins.

AuthZ

Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization

CVE-2019-3785 8.1 - High - March 13, 2019

Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants the user write permissions to the bit-service.

Improper Privilege Management
