Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cf\-Deployment
(Cloudfoundry)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 34 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-09-23 | CVE-2019-11277 | Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny service or perform a dictionary attack. | Cf\-Deployment, Nfs_volume_release | N/A | ||
| 2018-03-29 | CVE-2018-1191 | Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions using those credentials. | Cf\-Deployment, Garden\-Runc\-Release | 8.8 | ||
| 2018-04-30 | CVE-2018-1277 | Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. A remote authenticated user may push an app with a malicious Docker image that will consume more space on a Diego cell than allocated in their quota, potentially causing a DoS against the cell. | Cf\-Deployment, Garden\-Runc | 6.5 | ||
| 2018-05-23 | CVE-2018-1193 | Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections. | Cf\-Deployment, Routing\-Release | 5.3 |