PT-2024-7969 · Haproxy +1
Christian Schubert · Published 2024-06-24 · Updated 2024-07-12
CVE-2024-37082
CVSS v3.1: 9.4 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Cloud Foundry versions prior to 40.17.0
Description
The issue stems from a loophole in a security check in the Cloud Foundry HAProxy release when it is used in combination with the routing release. The flaw lies in the HAProxy component and is exploited by spoofing: a remote attacker could craft HTTP requests that bypass mTLS authentication to Cloud Foundry applications, thereby bypassing the authentication checks the platform relies on.
Recommendations
For Cloud Foundry versions prior to 40.17.0, update to version 40.17.0 or later to resolve the issue.
As a temporary workaround until the patch is applied, consider disabling route services in routing-release, or reconfiguring the haproxy-boshrelease property ha_proxy.forwarded_client_cert to a value other than forward_only_if_route_service.
Weakness Enumeration
Authentication Bypass by Spoofing
Affected Products
Cloud Foundry
Haproxy