Cloudfoundry Diego
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Cloudfoundry Diego.
By the Year
In 2026 there have been 0 vulnerabilities in Cloudfoundry Diego. Diego did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 9.10 |
It may take a day or so for new Diego vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Cloudfoundry Diego Security Vulnerabilities
Diego 2.55-2.69 mTLS Ingress Bypass via Unproxied Port
CVE-2022-31733
9.1 - Critical
- February 03, 2023
Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, apps are accessible via another port on diego cells, allowing application ingress without a client certificate. If mTLS route integrity is enabled AND unproxied ports are turned off, then an attacker could connect to an application that should be only reachable via mTLS, without presenting a client certificate.
Improper Certificate Validation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Cloudfoundry Diego or by Cloudfoundry? Click the Watch button to subscribe.
