Cloud Foundry Latest High & Critical Vulnerabilities
Latest High & Critical vulnerabilities published by Cloud Foundry
| CVE | Vendor | Product | Score | Severity | Title |
|---|---|---|---|---|---|
| CVE-2026-41005 | Cloud Foundry | Uaa | 9 | CRITICAL | UAA accepts SAML Encrypted Assertions authentication bypass |
| CVE-2026-41010 | Cloud Foundry Fou... | Bosh Director | 8.7 | HIGH | |
| CVE-2026-41011 | Cloud Foundry Fou... | Bosh | 8.7 | HIGH | |
| CVE-2026-41859 | Cloud Foundry Fou... | Bosh | 7.1 | HIGH | |
| CVE-2026-41860 | Cloud Foundry Fou... | Bosh | 7.1 | HIGH | |
| CVE-2026-40965 | Cloud Foundry Fou... | Uaa Release | 10 | CRITICAL | Private Key Exposure in Cloud Foundry UAA Versions |
| CVE-2026-40964 | Cloud Foundry Fou... | Log-cache Release | 7.5 | HIGH | Authentication Bypass in cf-auth-proxy for Cloud Foundry Foundation |
| CVE-2026-22734 | Cloud Foundry | Uua | 8.6 | HIGH | SAML 2.0 Signature Bypass Vulnerability in Cloud Foundry UAA |
| CVE-2025-22246 | Cloud Foundry | Uaa | 7.5 | HIGH | Private Key Exposure in Cloud Foundry UAA Software |
| CVE-2024-37082 | Cloud Foundry | Haproxy-boshrelease | 9.1 | CRITICAL | Security Check Loophole in HAProxy Release Could Bypass mTLS Authentication |
| CVE-2024-22279 | Cloud Foundry | Routing Release | 7.5 | HIGH | Unauthenticated Attackers Can Degrade Cloud Foundry Deployment Availability |
| CVE-2023-34061 | Cloud Foundry | Routing Release | 7.5 | HIGH | CVE-2023-34061 – Gorouter route pruning |
| CVE-2020-5423 | Cloud Foundry | Capi | 7.5 | HIGH | Cloud Controller is vulnerable to denial of service via YAML parsing |
| CVE-2020-5420 | Cloud Foundry | Routing | 7.7 | HIGH | Gorouter is vulnerable to DoS attack via invalid HTTP responses |
| CVE-2020-5416 | Cloud Foundry | Routing | 7.7 | HIGH | CF clusters with NGINX in front of them may be vulnerable to DoS |
| CVE-2020-5417 | Cloud Foundry | Capi | 8.5 | HIGH | Cloud Controller may allow developers to claim sensitive routes |
| CVE-2020-5400 | Cloud Foundry | Capi | 8 | HIGH | Cloud Controller logs environment variables from app manifests |
| CVE-2020-5402 | Cloud Foundry | Uaa | 8.8 | HIGH | UAA fails to check the state parameter when authenticating with external IDPs |
| CVE-2020-5399 | Cloud Foundry | Credhub | 7.6 | HIGH | CredHub does not properly enable TLS for MySQL database connections |
| CVE-2019-11293 | Cloud Foundry | Uaa Release | 8.8 | HIGH | UAA logs all query parameters with debug logging level |
| CVE-2019-11290 | Cloud Foundry | Uaa Release | 8.8 | HIGH | Cloud Foundry UAA logs query parameters in tomcat access file |
| CVE-2019-11289 | Cloud Foundry | Routing | 8.6 | HIGH | A forged route service request using an invalid nonce can cause the gorouter to panic and crash |
| CVE-2019-11283 | Cloud Foundry | Smb Volume | 8.8 | HIGH | Password leak in smbdriver logs |
| CVE-2019-11279 | Cloud Foundry | Uaa Release (oss) | 8.7 | HIGH | Privilege Escalation via Scope Manipulation in UAA |
| CVE-2019-11278 | Cloud Foundry | Uaa Release (oss) | 8.7 | HIGH | Privilege Escalation via Blind SCIM Injection in UAA |