Vulnerabilities for Routing-release (...) - CXSECURITY.COM

Vulnerabilities for 'Routing-release'

2020-07-17

CVE-2020-15586

CWE-362

Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.

2019-11-19

CVE-2019-11289

CWE-20

Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthorized malicious user could forge a route service request using an invalid nonce that will cause the Gorouter to crash.

2018-05-23

CVE-2018-1193

CWE-noinfo

Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.

2017-07-17

CVE-2017-8034

CWE-565

The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations, zone administrators are able to escalate their privileges.

2017-06-13

CVE-2016-8218

An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT signing algorithm in routing" issue.

>>> Vendor: Cloudfoundry 18 Products

Cf-mysql-release

Routing-release

Staticfile buildpack

Routing release

User account and authentication

Container runtime

Command line interface

Bosh backup and restore

Cloud controller

Copyright 2024, cxsecurity.com