CVE-2023-20881

Name of the Vulnerable Software and Affected Versions Cloud Foundry versions 1.140 through 1.152.0 loggregator-agent version 7 and later

Description The issue allows users to override other users' syslog drain credentials if they are aware of the client certificate used for that syslog drain. This applies even if the drain has zero certificates, enabling the user to override the private key and add or modify a certificate authority used for the connection.

Recommendations For Cloud Foundry versions 1.140 through 1.152.0, restrict access to the syslog drain configuration to prevent unauthorized modifications. For loggregator-agent version 7 and later, consider disabling the syslog drain feature until a fix is available to prevent credential overrides. Avoid using the same client certificate for multiple syslog drains to minimize the risk of exploitation.