cloud foundry

Top products

The 15 most recently published vulnerabilities affecting cloud foundry.

• CVE-2026-41005UAA accepts SAML Encrypted Assertions authentication bypass9.0Jun 11, 2026
• CVE-2026-41704Compromised VM can make arbitrary blobstore deletes5.0May 27, 2026
• CVE-2026-41009Local Blobstore may allow arbitrary reads/deletes5.8May 27, 2026
• CVE-2026-22734Cloud Foundry UAA SAML 2.0 Signature Bypass8.6Apr 16, 2026
• CVE-2025-22246CVE-2025-22246 – UAA Private Key Exposure3.0May 13, 2025
• CVE-2025-22216CVE-2025-22216 UAA Missing Zone Validation5.4Jan 31, 2025
• CVE-2024-37082When deploying Cloud Foundry together with the haproxy-boshrelease and using a non default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud Foundr...9.1Jul 3, 2024
• CVE-2024-22279GoRouter Denial of Service Attack5.9Jun 10, 2024
• CVE-2023-34061CVE-2023-34061 – Gorouter route pruning7.5Jan 12, 2024
• CVE-2023-34041CVE-2023-34041-Abuse of HTTP Hop-by-Hop Headers in Cloud Foundry Gorouter5.3Sep 8, 2023
• CVE-2023-20885CF workflows leak credentials in system audit logs6.5Jun 16, 2023
• CVE-2020-5423Cloud Controller is vulnerable to denial of service via YAML parsing7.5Dec 2, 2020
• CVE-2020-5422UAA password may appear in BOSH System Metrics Server process arguments6.5Oct 2, 2020
• CVE-2020-5420Gorouter is vulnerable to DoS attack via invalid HTTP responses7.7Sep 3, 2020
• CVE-2020-5418Cloud Controller allows users with no roles to list droplets4.3Sep 3, 2020