Cloud Foundry Latest High & Critical Vulnerabilities
Latest High & Critical vulnerabilities published by Cloud Foundry
| CVE | Vendor | Product | Score | Severity | Title |
|---|---|---|---|---|---|
| CVE-2026-22734 | Cloud Foundry | Uua | 8.6 | HIGH | SAML 2.0 Signature Bypass Vulnerability in Cloud Foundry UAA |
| CVE-2025-22246 | Cloud Foundry | Uaa | 7.5 | HIGH | Private Key Exposure in Cloud Foundry UAA Software |
| CVE-2024-37082 | Cloud Foundry | Haproxy-boshrelease | 9.1 | CRITICAL | Security Check Loophole in HAProxy Release Could Bypass mTLS Authentication |
| CVE-2024-22279 | Cloud Foundry | Routing Release | 7.5 | HIGH | Unauthenticated Attackers Can Degrade Cloud Foundry Deployment Availability |
| CVE-2023-34061 | Cloud Foundry | Routing Release | 7.5 | HIGH | CVE-2023-34061 - Gorouter route pruning |
| CVE-2020-5423 | Cloud Foundry | Capi | 7.5 | HIGH | Cloud Controller is vulnerable to denial of service via YAML parsing |
| CVE-2020-5420 | Cloud Foundry | Routing | 7.7 | HIGH | Gorouter is vulnerable to DoS attack via invalid HTTP responses |
| CVE-2020-5416 | Cloud Foundry | Routing | 7.7 | HIGH | CF clusters with NGINX in front of them may be vulnerable to DoS |
| CVE-2020-5417 | Cloud Foundry | Capi | 8.5 | HIGH | Cloud Controller may allow developers to claim sensitive routes |
| CVE-2020-5400 | Cloud Foundry | Capi | 8 | HIGH | Cloud Controller logs environment variables from app manifests |
| CVE-2020-5402 | Cloud Foundry | Uaa | 8.8 | HIGH | UAA fails to check the state parameter when authenticating with external IDPs |
| CVE-2020-5399 | Cloud Foundry | Credhub | 7.6 | HIGH | CredHub does not properly enable TLS for MySQL database connections |
| CVE-2019-11293 | Cloud Foundry | Uaa Release | 8.8 | HIGH | UAA logs all query parameters with debug logging level |
| CVE-2019-11290 | Cloud Foundry | Uaa Release | 8.8 | HIGH | Cloud Foundry UAA logs query parameters in tomcat access file |
| CVE-2019-11289 | Cloud Foundry | Routing | 8.6 | HIGH | A forged route service request using an invalid nonce can cause the gorouter to panic and crash |
| CVE-2019-11283 | Cloud Foundry | Smb Volume | 8.8 | HIGH | Password leak in smbdriver logs |
| CVE-2019-11279 | Cloud Foundry | Uaa Release (oss) | 8.7 | HIGH | Privilege Escalation via Scope Manipulation in UAA |
| CVE-2019-11278 | Cloud Foundry | Uaa Release (oss) | 8.7 | HIGH | Privilege Escalation via Blind SCIM Injection in UAA |
| CVE-2019-11277 | Cloud Foundry | Cf Nfs Volume Release | 8.4 | HIGH | Volume Services is vulnerable to an LDAP injection attack |
| CVE-2019-11270 | Cloud Foundry | Uaa Release (oss) | 7.3 | HIGH | UAA clients.write vulnerability |
| CVE-2019-3787 | Cloud Foundry | Uaa Release (oss) | 8.3 | HIGH | UAA defaults email address to an insecure domain |
| CVE-2019-3788 | Cloud Foundry | Uaa Release (oss) | 8.7 | HIGH | UAA redirect-uri allows wildcard in the subdomain |
| CVE-2019-3801 | Cloud Foundry | Credhub | 8.7 | HIGH | Java Projects using HTTP to fetch dependencies |
| CVE-2019-3786 | Cloud Foundry | Bosh Backup And Restore | 7.7 | HIGH | BBR could run arbitrary scripts on deployment VMs |
| CVE-2019-3789 | Cloud Foundry | Cf Routing | 8.8 | HIGH | Gorouter allows space developer to hijack route services hosted outside the platform |