Pivotal Software Cloud Foundry Cf Deployment


By the Year

In 2024 there have been 0 vulnerabilities in Pivotal Software Cloud Foundry Cf Deployment. Cloud Foundry Cf Deployment did not have any published security vulnerabilities last year.

Year    Vulnerabilities    Average Score
2024    0                  0.00
2023    0                  0.00
2022    0                  0.00
2021    0                  0.00
2020    1                  7.40
2019    2                  6.55
2018    3                  7.73

It may take a day or so for new Cloud Foundry Cf Deployment vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Pivotal Software Cloud Foundry Cf Deployment Security Vulnerabilities

Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS

CVE-2020-5399 7.4 - High - February 12, 2020

Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components.

Cleartext Transmission of Sensitive Information

Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to a SCIM injection attack

CVE-2019-11282 4.3 - Medium - October 23, 2019

Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to a SCIM injection attack. A remote authenticated malicious user with the scim.invite scope can craft a request with malicious content that can leak information about users of the UAA.

Injection

Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs

CVE-2019-11283 8.8 - High - October 23, 2019

Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume.

Insertion of Sensitive Information into Log File

Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip file headers

CVE-2018-1265 7.2 - High - June 06, 2018

Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip file headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego Cell.

Unrestricted File Upload

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could

CVE-2018-1262 7.2 - High - May 15, 2018

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation.

In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5

CVE-2018-1192 8.8 - High - February 01, 2018

In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event logs. An attacker can use the SessionID to impersonate a logged-in user.

Information Disclosure
