RSS   Podatności dla 'Routing-release'   RSS

2020-07-17
 
CVE-2020-15586

CWE-362
 

 
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.

 
2019-11-19
 
CVE-2019-11289

CWE-20
 

 
Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthorized malicious user could forge a route service request using an invalid nonce that will cause the Gorouter to crash.

 
2018-05-23
 
CVE-2018-1193

CWE-noinfo
 

 
Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.

 
2017-07-17
 
CVE-2017-8034

CWE-565
 

 
The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations, zone administrators are able to escalate their privileges.

 
2017-06-13
 
CVE-2016-8218

 

 
An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT signing algorithm in routing" issue.

 

 >>> Vendor: Cloudfoundry 18 Produkty
Cf-release
Capi-release
Bosh azure cpi
Cf-mysql-release
Routing-release
Staticfile buildpack
Cf-deployment
Uaa release
Routing release
Garden-runc
User account and authentication
Container runtime
Command line interface
Credhub cli
Stratos
Bosh backup and restore
Cloud controller
Routing


Copyright 2024, cxsecurity.com

 

Back to Top