Cloudfoundry Cf-Release vulnerabilities

CVE-2016-0708 [MEDIUM] CWE-200 CVE-2016-0708: Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote di Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have been staged using automatic buildpack detection, passed through the Java Buildpack detection script

CVE-2016-2169 [MEDIUM] CWE-17 CVE-2016-2169: Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior t Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for the service.

CVE-2016-6658 [CRITICAL] CWE-200 CVE-2016-6658: Applications in cf-release before 245 can be configured and pushed with a user-provided custom build Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in

CVE-2018-1195 [HIGH] CWE-613 CVE-2018-1195: In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be insufficient to obtain an access token, either due to lack of cli

CVE-2018-1190 [MEDIUM] CWE-79 CVE-2018-1190: An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v2 An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XSS) attack is possible in the clientId parameter of a request to the UAA OpenID Connect check session iframe endpoin

CVE-2017-14389 [MEDIUM] CVE-2017-14389: An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf- An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that belongs to a different user in a different org and space,

CVE-2017-8031 [MEDIUM] CVE-2017-8031: An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). In some cases, the UAA allows an authenticated user for a particular client to revoke client tokens for other users on the same client. This occurs only if the client is usi

CVE-2015-5172 [CRITICAL] CWE-640 CVE-2015-5172: Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elast Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.

CVE-2015-5171 [CRITICAL] CWE-613 CVE-2015-5171: The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions.

CVE-2015-5170 [HIGH] CWE-352 CVE-2015-5170: Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elast Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks.

CVE-2015-5173 [HIGH] CWE-200 CVE-2015-5173: Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elast Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage."

CVE-2017-8048 [HIGH] CVE-2017-8048: In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. NOTE: 274 resolves the vulnerability but has a

CVE-2017-8047 [MEDIUM] CWE-601 CVE-2017-8047: In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions p In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. An attacker could exploit this as a phishing attack to gain access to user credentials or other sensitive data. NOT

CVE-2016-0732 [HIGH] CWE-269 CVE-2016-0732: The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0 The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified

CVE-2016-0713 [MEDIUM] CWE-79 CVE-2016-0713: Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests.

CVE-2017-8037 [HIGH] CVE-2017-8037: In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release v In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to file

CVE-2017-8035 [HIGH] CWE-200 CVE-2017-8035: An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation.

CVE-2017-8033 [HIGH] CWE-22 CVE-2017-8033: An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a specially crafted application that can write arbitrary files to

CVE-2017-8034 [MEDIUM] CWE-565 CVE-2017-8034: The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routi The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations, zone administrators are able to escalate their privileges.

CVE-2017-4992 [CRITICAL] CWE-269 CVE-2017-4992: An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2 An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.15, 24.x versions prior to v24.10, 30.x versions prior