Cloudfoundry Capi-release — known CVE vulnerabilities
Every CVE whose affected-product data names Cloudfoundry Capi-release, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2018-1195 — CVSS 8.8 (high): In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller…
CVE-2020-5417 — CVSS 8.8 (high): Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain…
CVE-2018-1266 — CVSS 8.1 (high): Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. An…
CVE-2023-20881 — CVSS 8.1 (high): Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog…
CVE-2019-3785 — CVSS 8.1 (high): Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious…
CVE-2017-8036 — CVSS 7.8 (high): An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 (only). The original fix for…
CVE-2017-8033 — CVSS 7.8 (high): An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release…
CVE-2020-5423 — CVSS 7.5 (high): CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious…
CVE-2021-22101 — CVSS 7.5 (high): Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of Service(DoS) vulnerability allowing unauthenticated…
CVE-2016-9882 — CVSS 7.5 (high): An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud…
CVE-2017-8035 — CVSS 7.5 (high): An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and…
CVE-2017-8037 — CVSS 7.5 (high): In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270…
CVE-2017-8034 — CVSS 6.6 (medium): The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0…
CVE-2020-5400 — CVSS 6.5 (medium): Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include…
CVE-2017-14389 — CVSS 6.5 (medium): An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280)…
CVE-2021-22115 — CVSS 6.5 (medium): Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed…
CVE-2016-8219 — CVSS 6.5 (medium): An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with…
CVE-2019-3798 — CVSS 6.0 (medium): Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions. A…
CVE-2016-2169 — CVSS 5.3 (medium): Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw…
CVE-2021-22100 — CVSS 5.3 (medium): In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that (accidentally…
CVE-2020-5418 — CVSS 4.3 (medium): Cloud Foundry CAPI (Cloud Controller) versions prior to 1.98.0 allow authenticated users having only the "cloud_controller.read" scope, but…
CVE-2019-11294 — CVSS 4.3 (medium): Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service…