CVE-2020-5416 – CF clusters with NGINX in front of them may be vulnerable to DoS
https://notcve.org/view.php?id=CVE-2020-5416
Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP requests that may cause the Gorouters to be dropped from the NGINX backend pool. Cloud Foundry Routing (Gorouter), versiones anteriores a 0.204.0, cuando es usado en una implementación con proxys inversos NGINX frente a los Gorouters, es potencialmente vulnerable a ataques de denegación de servicio en los que un atacante malicioso no autenticado puede enviar peticiones HTTP especialmente diseñadas que pueden causar que los Gorouters sean eliminados del grupo de backend de NGINX. • https://www.cloudfoundry.org/blog/cve-2020-5416 • CWE-404: Improper Resource Shutdown or Release •
CVE-2020-15586 – golang: data race in certain net/http servers including ReverseProxy can lead to DoS
https://notcve.org/view.php?id=CVE-2020-15586
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. Go versiones anteriores a 1.13.13 y versiones 1.14.x anteriores a 1.14.5, presenta una carrera de datos en algunos servidores net/http, como es demostrado por el Manejador httputil.ReverseProxy, porque lee un cuerpo de petición y escribe una respuesta al mismo tiempo A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html https://groups.google.com/forum/#%21topic/golang-announce/XZNfaiwgt2w https://groups.google.com/forum/#%21topic/golang-announce/f2c5bqrGH_g https://lists.debian.org/debian-lts-announce/2020/11/msg00037& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2020-5402 – UAA fails to check the state parameter when authenticating with external IDPs
https://notcve.org/view.php?id=CVE-2020-5402
In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers. En Cloud Foundry UAA, versiones anteriores a 74.14.0, se presenta una vulnerabilidad de tipo CSRF debido a que el parámetro de estado OAuth2 no es comprado en la función callback cuando se autentican con proveedores de identidad externa. • https://www.cloudfoundry.org/blog/cve-2020-5402 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2020-5400 – Cloud Controller logs environment variables from app manifests
https://notcve.org/view.php?id=CVE-2020-5400
Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to resources protected by such credentials. Cloud Foundry Cloud Controller (CAPI), versiones anteriores a 1.91.0, registra las propiedades de background jobs cuando se ejecutan, lo que puede incluir información confidencial tales como credenciales si se proporcionaron al trabajo. Un usuario malicioso con acceso a esos registros puede conseguir acceso no autorizado a recursos protegidos por tales credenciales. • https://www.cloudfoundry.org/blog/cve-2020-5400 • CWE-522: Insufficiently Protected Credentials CWE-532: Insertion of Sensitive Information into Log File •
CVE-2019-11294 – CAPI leaks service broker URLs and GUIDs to space developers
https://notcve.org/view.php?id=CVE-2019-11294
Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins. Cloud Foundry Cloud Controller API (CAPI), versión 1.88.0, permite a los desarrolladores de espacio enumerar a todos los brokers de servicios globales, incluyendo las URL y los GUID de los intermediarios de servicios, que solo deben ser accesibles para administradores. • https://www.cloudfoundry.org/blog/cve-2019-11294 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •