CVE-2023-34041 — Foundry CF Deployment vulnerability
Severity
5.3 MEDIUM (NVD)
EPSS
0.2%
top 63.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 8
Description
Cloud Foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP hop-by-hop headers. An unauthenticated attacker can use this vulnerability with headers such as B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4