PT-2024-28234 · Cloud Foundry · Cloud Foundry Capi Release+1
Published: 2024-11-10 · Updated: 2024-11-12 · CVE-2024-38826
CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/RE:L
Name of the Vulnerable Software and Affected Versions
Cloud Foundry Capi Release versions prior to 1.194.0
Cloud Foundry cf-deployment versions prior to v44.1.0
Description
The issue allows authenticated users to upload specially crafted files that leak server resources, potentially leading to a denial of service attack against Cloud Controller.
Recommendations
For Cloud Foundry Capi Release versions prior to 1.194.0, upgrade to version 1.194.0 or greater.
For Cloud Foundry cf-deployment versions prior to v44.1.0, upgrade to version v44.1.0 or greater, which includes a patched capi release.
Fix
Resource Exhaustion
Affected Products
Cloud Foundry Capi Release
Cf-Deployment