cpe:2.3:a:cloud_foundry:bosh:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Cloud Foundry (bbc462c7-a964-5178-97e1-18033ab4dbd3) |
|---|---|
| Product | Bosh (c99a4e3f-9b69-5ee6-83db-2e38f5002f9b) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:github/cloudfoundry/bosh | purl2cpe | 2026-06-01 10:14:44.595235 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2019-11271 | vulnerable | 2026-06-03 14:39:32.602316 | Bosh Deployment logs leak sensitive information. MEDIUM (6). Cloud Foundry BOSH 270.x versions prior to v270.1.1 contain a BOSH Director that does not properly redact credentials when configured to use a MySQL database. A local authenticated malicious user may read any credentials that are contained in a BOSH manifest. Published: 2019-06-18T23:38:15.403Z. Updated: 2024-09-17T00:37:19.176Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2018-11083 | vulnerable | 2026-06-03 14:38:00.881966 | Bosh accepts refresh tokens in place of an access token. HIGH (8.4). Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and v267 prior to v267.2.0, allows refresh tokens to be used as access tokens when using UAA for authentication. A remote attacker with an admin refresh token given by UAA can be used to access BOSH resources without obtaining an access token, even if their user no longer has access to those resources. Published: 2018-10-05T21:00:00.000Z. Updated: 2024-08-05T07:54:36.539Z. | Imported from gcve-enriched-dumps CVE data |