PT-2020-18469 · Cloud Foundry · Cloud Foundry Capi

Published: 2020-08-21 · Updated: 2021-08-17 · CVE-2020-5417

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Cloud Foundry CAPI (Cloud Controller) versions prior to 1.97.0

Description: The issue allows developers to maliciously or accidentally claim certain sensitive routes, potentially resulting in the developer's app handling some requests that were expected to go to certain system components. This occurs when Cloud Foundry CAPI is used in a deployment where an app domain is also the system domain, which is the case in the default CF Deployment manifest.

Recommendations: For versions prior to 1.97.0, update to version 1.97.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive routes to prevent malicious or accidental claims by developers.

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers: CVE-2020-5417

Affected Products: Cloud Foundry Capi