Capi-release

This hub aggregates every CVE we track for Capi-release, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Capi-release.

• CVE-2023-20881Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate u...8.1May 19, 2023
• CVE-2021-22100In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that (accidentally or maliciously) causes CC instances to timeout and fail i...5.3Mar 25, 2022
• CVE-2021-22101Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of Service(DoS) vulnerability allowing unauthenticated attackers to cause denial of service by using REST HTTP re...7.5Oct 27, 2021
• CVE-2021-22115Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. CAPI database logs service broker password in plain text w...6.5Apr 8, 2021
• CVE-2020-5423Cloud Controller is vulnerable to denial of service via YAML parsing7.5Dec 2, 2020
• CVE-2020-5418Cloud Controller allows users with no roles to list droplets4.3Sep 3, 2020
• CVE-2020-5417Cloud Controller may allow developers to claim sensitive routes8.8Aug 21, 2020
• CVE-2020-5400Cloud Controller logs environment variables from app manifests6.5Feb 27, 2020
• CVE-2019-11294CAPI leaks service broker URLs and GUIDs to space developers4.3Dec 19, 2019
• CVE-2019-3798Escalation of Privileges in Cloud Controller6.0Apr 17, 2019
• CVE-2019-3785Cloud Controller provides signed URL with write authorization to read only user8.1Mar 13, 2019
• CVE-2016-2169Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a ...5.3Apr 18, 2018
• CVE-2018-1266Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. An authenticated malicious user can predict the location of application...8.1Mar 27, 2018
• CVE-2018-1195In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access to...8.8Mar 19, 2018
• CVE-2017-14389An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud...6.5Nov 28, 2017