Lucene search

PivotalCVELIST:CVE-2020-5423

HistoryDec 02, 2020 - 1:55 a.m.

CVE-2020-5423 Cloud Controller is vulnerable to denial of service via YAML parsing

2020-12-0201:55:11

CWE-400

pivotal

www.cve.org

cve-2020-5423

cloud controller

denial of service

yaml parsing

capi

unauthenticated attacker

yaml parser

cpu consumption

ram consumption

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

42.5%

JSON

CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM.

CNA Affected

[
  {
    "product": "CAPI",
    "vendor": "Cloud Foundry",
    "versions": [
      {
        "lessThan": "1.101.0",
        "status": "affected",
        "version": "All",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CF Deployment",
    "vendor": "Cloud Foundry",
    "versions": [
      {
        "lessThan": "15.0.0",
        "status": "affected",
        "version": "All",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cloudfoundry.org/blog/cve-2020-5423

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

42.5%

JSON

Related for CVELIST:CVE-2020-5423