Severity
MEDIUM
Vendor
CloudFoundry Foundation
Versions Affected
- Routing Release > v0.273.0 and <= v0.297.0
- CF Deployment > v30.9.0 and <= v40.13.0
Description
Cloud Foundry routing release versions from v0.273.0 to v0.297.0 are vulnerable to a denial-of-service (DoS) attack. An unauthenticated attacker can exploit this vulnerability to force improper handling of requests and, if performed at scale, degrade the service availability of the Cloud Foundry deployment.
Affected Cloud Foundry Products and Versions
*Severity is high unless otherwise noted.
- Routing_release
  - All versions from v0.273.0 to v0.297.0 (inclusive)
- CF Deployment
  - All versions from v30.9.0 to v40.13.0 (inclusive)
Mitigation
Users of affected products are strongly encouraged to follow the mitigations below.
The Cloud Foundry project recommends upgrading the following releases:
- Routing_release
  - Upgrade routing_release versions to v0.298.0 or greater
- CF Deployment
  - Upgrade cf-deployment version to v40.14.0 or greater
  - Includes routing_release v0.298.0
Credit
n/a
History
June 5th: Initial vulnerability report published.