Search
Search Results (44 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-1221 | 1 Cloudfoundry | 2 Cf-deployment, Routing-release | 2024-11-21 | 8.1 High |
| In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial of service. | ||||
| CVE-2018-1195 | 1 Cloudfoundry | 3 Capi-release, Cf-deployment, Cf-release | 2024-11-21 | 8.8 High |
| In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be insufficient to obtain an access token, either due to lack of client credentials or revocation, would allow authentication. | ||||
| CVE-2018-1193 | 1 Cloudfoundry | 2 Cf-deployment, Routing-release | 2024-11-21 | N/A |
| Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections. | ||||
| CVE-2018-1191 | 1 Cloudfoundry | 2 Cf-deployment, Garden-runc-release | 2024-11-21 | N/A |
| Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions using those credentials. | ||||