Total
22 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-8033 | 1 Cloudfoundry | 2 Capi-release, Cf-release | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a specially crafted application that can write arbitrary files to the Cloud Controller VM. | |||||
CVE-2016-9882 | 1 Cloudfoundry | 2 Capi-release, Cf-release | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log aggregator via syslog. |