Cloud FoundryCFOUNDRY:96AFFC209215487CB25087278EC46B3DCVE-2023-20881: CAs for syslog-drain mtls feature can be overwritten | Cloud Foundry
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS
Percentile
32.6%
Severity
Medium
Vendor
Cloud Foundry Foundation
Description
Users on cf may override other users syslog drain credentials if they’re aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user to override the private key and add or modify a certificate authority used for the connection leading to Denial of Service attack or causing the drain to permit bad certificates.
Affected Cloud Foundry Products and Versions
Severity is medium unless otherwise noted.
- CAPI
- All versions between 1.140 and 1.152.0
- Loggregator-agent v7+
- CF Deployment
- All versions between 24.7.0 and 29.0.0
Mitigation
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
- CAPI
- Upgrade all versions to 1.152.0 or greater
- CF Deployment
- Upgrade all versions to 29.0.0 or greater
** Credit**
This issue was reported by Felix Hambrecht.
References
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H
History
2023-05-18: Initial vulnerability report published.
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS
Percentile
32.6%