Security feature bypass

2016-09-1802:59:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.6%

JSON

Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address.

CPENameOperatorVersion
cloud_foundry_elastic_runtimeeq1.7.6
cloud_foundry_elastic_runtimeeq1.7.1
cloud_foundry_elastic_runtimeeq1.7.10
cloud_foundry_elastic_runtimeeq1.7.4
cloud_foundry_elastic_runtimeeq1.7.11
cloud_foundry_elastic_runtimeeq1.7.7
cloud_foundry_elastic_runtimeeq1.7.0
cloud_foundry_elastic_runtimeeq1.7.8
cloud_foundry_elastic_runtimeeq1.7.5
cloud_foundry_elastic_runtimeeq1.7.9

Name	Operator	Version
cloud_foundry_elastic_runtime	eq	1.7.6
cloud_foundry_elastic_runtime	eq	1.7.1
cloud_foundry_elastic_runtime	eq	1.7.10
cloud_foundry_elastic_runtime	eq	1.7.4
cloud_foundry_elastic_runtime	eq	1.7.11
cloud_foundry_elastic_runtime	eq	1.7.7
cloud_foundry_elastic_runtime	eq	1.7.0
cloud_foundry_elastic_runtime	eq	1.7.8
cloud_foundry_elastic_runtime	eq	1.7.5
cloud_foundry_elastic_runtime	eq	1.7.9