Pivotal Cloud Foundry Deployment vulnerabilities
2 known vulnerabilities affecting pivotal/cloud_foundry_deployment.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
HIGH: 2
Vulnerabilities
CVE-2023-34061 | HIGH | CVSS 7.5 | CWE-400 | ≥ 0.28.0, ≤ 33.5.0 | 2024-01-12
Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.
Source: NVD
CVE-2019-3800 | HIGH | CVSS 7.8 | CWE-522 | fixed in 10.0.0 | 2019-08-05
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.
Source: NVD