

Vendor Cloudfoundry First view 2017-01-13
Product Capi-Release Last view 2019-04-17
Version 1.1.0 Type Application
Update *  
Edition *  
Language *  
Software Edition *
Target Software *  
Target Hardware *  
Other *  
CPE Product cpe:2.3:a:cloudfoundry:capi-release


Related : CVE

Score Date Alert Description
7.5 2019-04-17 CVE-2019-3798

Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions. A remote authenticated malicious user with the ability to create UAA clients and knowledge of the email of a victim in the foundation may escalate their privileges to that of the victim by creating a client with a name equal to the guid of their victim.

6.6 2017-07-17 CVE-2017-8034

The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations, zone administrators are able to escalate their privileges.

7.5 2017-01-13 CVE-2016-9882

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log aggregator via syslog.

CWE : Common Weakness Enumeration

33% (1) CWE-565 Reliance on Cookies without Validation and Integrity Checking
33% (1) CWE-287 Improper Authentication
33% (1) CWE-200 Information Exposure