Vulnerabilities for 'Capi-release'

2017-07-17
 
CVE-2017-8034

CWE-565
 

 
The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations, zone administrators are able to escalate their privileges.

 
2017-01-13
 
CVE-2016-9882

 

 
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log aggregator via syslog.

 



Copyright 2024, cxsecurity.com

 
