Cloudfoundry Cf-Deployment vulnerabilities

CVE-2019-11294 [MEDIUM] CWE-200 CVE-2019-11294: Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all globa Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins.

CVE-2019-11293 [MEDIUM] CWE-532 CVE-2019-11293: Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_ Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided via query parameters.

CVE-2019-11290 [HIGH] CWE-532 CVE-2019-11290: Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access f Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.

CVE-2019-11289 [HIGH] CWE-20 CVE-2019-11289: Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.

CVE-2019-11283 [HIGH] CWE-532 CVE-2019-11283: Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to th Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume.

CVE-2019-11282 [MEDIUM] CWE-200 CVE-2019-11282: Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM inject Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA.

CVE-2019-11277 [HIGH] CWE-90 CVE-2019-11277: Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny service or perform a dictionary attack.

CVE-2019-3801 [CRITICAL] CWE-494 CVE-2019-3801: Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an inse Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component.

CVE-2018-1265 [HIGH] CWE-434 CVE-2018-1265: Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar a Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego Cell.

CVE-2018-1193 [MEDIUM] CVE-2018-1193: Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-For Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.

CVE-2018-1262 [HIGH] CVE-2018-1262: Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow pri Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offl

CVE-2018-1277 [MEDIUM] CWE-400 CVE-2018-1277: Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Dock Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. A remote authenticated user may push an app with a malicious Docker image that will consume more space on a Diego cell than allocated in their quota, potentially causing a DoS against the cell.

CVE-2018-1191 [HIGH] CWE-215 CVE-2018-1191: Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions using those credentials.

CVE-2018-1195 [HIGH] CWE-613 CVE-2018-1195: In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be insufficient to obtain an access token, either due to lack of cli

CVE-2018-1221 [HIGH] CWE-20 CVE-2018-1221: In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishan In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial of service.

CVE-2017-14389 [MEDIUM] CVE-2017-14389: An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf- An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that belongs to a different user in a different org and space,