Maximilian Moehl

**Name of the Vulnerable Software and Affected Versions** diego-release versions 2.55.0 through 2.69.0 CF Deployment versions 17.1 through 23.2.0 **Description** The issue allows applications to be accessible via another port on diego cells, enabling application ingress without a client certificate. If mTLS route integrity is enabled and unproxied ports are turned off, an attacker could connect to an application that should only be reachable via mTLS without presenting a client certificate. **Recommendations** For diego-release versions 2.55.0 through 2.69.0, consider disabling the unproxied ports to minimize the risk of exploitation. For CF Deployment versions 17.1 through 23.2.0, ensure that mTLS route integrity is disabled or properly configured to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.