Product: cloudfoundry cf deployment
92 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE | Affected cf-deployment versions | CVSS | Severity | Summary
CVE-2026-22726 | >= 0.0.2 and < 55.0.0 | 5.0 | MEDIUM | Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a resu
CVE-2026-22723 | > 48.7.0 and <= 54.11.0 | 6.5 | MEDIUM | Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.
CVE-2025-22246 | >= 45.1.0 and < 49.0.0 | 3.0 | LOW | Cloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulnerable to a private key exposure in logs.
CVE-2024-22279 | >= 30.9.0 and <= 40.13.0 | 5.9 | MEDIUM | Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an unauthenticated attacker to degrade the ser
CVE-2023-34041 | < 32.4.0 | 5.3 | MEDIUM | Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated att
CVE-2023-20882 | >= 27.4.0 and < 29.0.0 | 5.9 | MEDIUM | In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0, a bug in the gorouter process can lead to a denial of
CVE-2023-20881 | >= 24.7.0 and <= 29.0.0 | 8.1 | HIGH | Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users sy
CVE-2023-20903 | all versions | 4.3 | MEDIUM | This disclosure regards a vulnerability related to UAA refresh tokens and external identity providers. Assuming that an external id
CVE-2022-31733 | >= 17.1 and <= 23.2.0 | 9.1 | CRITICAL | Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, apps are accessible vi
CVE-2021-22100 | < 17.1.0 | 5.3 | MEDIUM | In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that (acc
CVE-2021-22101 | < 16.24.0 | 7.5 | HIGH | Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of Service (DoS) vulnerability allowing unauthe
CVE-2021-22098 | < 16.20.0 | 6.1 | MEDIUM | UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. A malicious user can exploit the open redire
CVE-2021-22001 | < 16.18.0 | 7.5 | HIGH | In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was revealed in response when deletion
CVE-2021-22115 | < 16.2.0 | 6.5 | MEDIUM | Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is
CVE-2020-5423 | < 15.0.0 | 7.5 | HIGH | CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicio
CVE-2020-5420 | < 13.15.0 | 7.7 | HIGH | Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a malicious developer with "cf push" access to cause denial-of-se
CVE-2020-5418 | < 13.17.0 | 4.3 | MEDIUM | Cloud Foundry CAPI (Cloud Controller) versions prior to 1.98.0 allow authenticated users having only the "cloud_controller.read" s
CVE-2020-5417 | < 13.12.0 | 8.8 | HIGH | Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system
CVE-2020-5416 | < 13.13.0 | 6.5 | MEDIUM | Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the
CVE-2020-15586 | < 13.7.0 | 5.9 | MEDIUM | Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy
CVE-2020-5402 | < 12.33.0 | 8.8 | HIGH | In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked i
CVE-2020-5401 | < 0.197.0 | 5.3 | MEDIUM | Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid header
CVE-2020-5400 | < 12.33.0 | 6.5 | MEDIUM | Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may i
CVE-2019-11294 | < 12.7.0 | 4.3 | MEDIUM | Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including s
CVE-2019-11293 | < 12.12.0 | 6.5 | MEDIUM | Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent a
CVE-2019-11290 | < 12.10.0 | 7.5 | HIGH | Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat's access file. If the query parameters
CVE-2019-11289 | < 12.8.0 | 8.6 | HIGH | Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious use
CVE-2019-11283 | < 12.2.0 | 8.8 | HIGH | Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with acc
CVE-2019-11282 | < 12.2.0 | 4.3 | MEDIUM | Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authentic
CVE-2019-11278 | < 74.1.0 | 8.8 | HIGH | CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with 'client.write'
CVE-2019-11277 | < 11.1.0 | 8.1 | HIGH | Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection.
CVE-2019-11274 | < 74.0.0 | 6.1 | MEDIUM | Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. A remote unauthenticated malicious attacker could cra
CVE-2019-3801 | < 7.9.0 | 9.8 | CRITICAL | Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch depende
CVE-2019-3789 | < 0.188.0 | 6.5 | MEDIUM | Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route servic
CVE-2019-3798 | < 1.79.0 | 6.0 | MEDIUM | Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permis
CVE-2019-3785 | < 1.78.0 | 8.1 | HIGH | Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization. A remote authenticated
CVE-2016-0708 | >= 166 and <= 227 | 5.9 | MEDIUM | Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, inclu
CVE-2018-1265 | < 1.37.0 | 7.2 | HIGH | Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote
CVE-2018-1193 | < 1.27.0 | 5.3 | MEDIUM | Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote
CVE-2018-1262 | >= 1.27.0 and <= 1.31.0 | 7.2 | HIGH | Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across ident
CVE-2018-1277 | < 1.28.0 | 6.5 | MEDIUM | Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. A remote auth
CVE-2016-2169 | < 237 | 5.3 | MEDIUM | Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business log
CVE-2016-6658 | < 245 | 9.6 | CRITICAL | Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to t
CVE-2018-1191 | < 1.9.0 | 8.8 | HIGH | Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden
CVE-2018-1266 | < 1.52.0 | 8.1 | HIGH | Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. An a
CVE-2018-1221 | < 1.14.0 | 8.1 | HIGH | In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AW
CVE-2018-1195 | < 1.3.0 | 8.8 | HIGH | In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud C
CVE-2018-1190 | <= 269 | 6.1 | MEDIUM | An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2,
CVE-2017-14389 | < 1.0.0 | 6.5 | MEDIUM | An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to
CVE-2017-8031 | <= 278 | 5.3 | MEDIUM | An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6,
CVE-2015-5173 | < 216 | 8.8 | HIGH | Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow
CVE-2015-5172 | < 216 | 9.8 | CRITICAL | Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow
CVE-2015-5171 | < 216 | 9.8 | CRITICAL | The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF
CVE-2015-5170 | < 216 | 8.8 | HIGH | Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow
CVE-2017-8048 | all versions | 7.8 | HIGH | In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the
CVE-2017-8047 | <= 273 | 6.1 | MEDIUM | In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applicat
CVE-2016-0732 | >= 208 and <= 229 | 8.8 | HIGH | The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, w
CVE-2016-0713 | all versions | 4.7 | MEDIUM | Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) at
CVE-2017-8037 | all versions | 7.5 | HIGH | In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior t
CVE-2017-8035 | >= 245 and < 268 | 7.5 | HIGH | An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1
CVE-2017-8033 | < 268 | 7.8 | HIGH | An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-rele
CVE-2017-8036 | all versions | 7.8 | HIGH | An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 (only). The original f
CVE-2017-8034 | <= 266 | 6.6 | MEDIUM | The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v
CVE-2017-8032 | <= 40 | 6.6 | MEDIUM | In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x
CVE-2017-4994 | <= 39 | 7.5 | HIGH | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18
CVE-2017-4992 | <= 260 | 9.8 | CRITICAL | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17
CVE-2017-4991 | <= 259 | 7.2 | HIGH | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16
CVE-2017-4974 | <= v257 | 6.5 | MEDIUM | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15
CVE-2017-4973 | <= 30 | 8.8 | HIGH | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14
CVE-2017-4972 | <= 256 | 7.5 | HIGH | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14
CVE-2017-4970 | all versions | 5.9 | MEDIUM | An issue was discovered in Cloud Foundry Foundation cf-release v255 and Staticfile buildpack versions v1.4.0 - v1.4.3. A regressio
CVE-2016-8219 | < 250 | 6.5 | MEDIUM | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A
CVE-2016-8218 | <= 203 | 9.8 | CRITICAL | An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231.
CVE-2016-6655 | <= 244 | 9.8 | CRITICAL | An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions pri
CVE-2016-3084 | <= 10 | 8.1 | HIGH | The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versi
CVE-2016-2165 | <= 231 | 6.5 | MEDIUM | The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.
CVE-2016-0781 | all versions | 6.1 | MEDIUM | The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2
CVE-2016-0780 | all versions | 7.5 | HIGH | It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal
CVE-2015-3191 | <= 209 | 8.8 | HIGH | With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry
CVE-2015-3190 | <= 209 | 6.1 | MEDIUM | With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry
CVE-2015-3189 | <= 208 | 3.7 | LOW | With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry
CVE-2015-1834 | <= 207 | 6.5 | MEDIUM | A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions pri
CVE-2016-5006 | <= 238.0 | 9.8 | CRITICAL | The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain
CVE-2016-5016 | <= 239 | 5.9 | MEDIUM | Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and ea
CVE-2017-4969 | <= 254 | 6.5 | MEDIUM | The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and
CVE-2016-4468 | <= 12.0 | 8.8 | HIGH | SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x befor
CVE-2017-4960 | all versions | 7.5 | HIGH | An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh R
CVE-2016-9882 | <= 249 | 7.5 | HIGH | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0.
CVE-2016-6659 | <= 23.0 | 8.1 | HIGH | Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (a
CVE-2016-6651 | <= 16.0 | 8.8 | HIGH | The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x bef
CVE-2016-6637 | <= 15.0 | 9.6 | CRITICAL | Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x
CVE-2016-6636 | <= 12.3 | 5.3 | MEDIUM | The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin