CVE-2024-38826 – Cloud Controller Denial of Service Attack
https://notcve.org/view.php?id=CVE-2024-38826
Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller. The Cloud Foundry project recommends upgrading the following releases:
* Upgrade capi release version to 1.194.0 or greater
* Upgrade cf-deployment version to v44.1.0 or greater. This includes a patched capi release.
• https://www.cloudfoundry.org/blog/cve-2024-38826-cloud-controller-denial-of-service-attack
CVE-2024-37082
https://notcve.org/view.php?id=CVE-2024-37082
Security check loophole in HAProxy release (in combination with routing release) in Cloud Foundry prior to v40.17.0 potentially allows bypass of mTLS authentication to applications hosted on Cloud Foundry. When deploying Cloud Foundry together with the haproxy-boshrelease and using a non-default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud Foundry applications. You are affected if you have route-services enabled in routing-release and have configured the haproxy-boshrelease property “ha_proxy.forwarded_client_cert” to “forward_only_if_route_service”.
• https://www.cloudfoundry.org/blog/cve-2024-37082-mtls-bypass
• CWE-290: Authentication Bypass by Spoofing
CVE-2020-5422 – UAA password may appear in BOSH System Metrics Server process arguments
https://notcve.org/view.php?id=CVE-2020-5422
BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details).
• https://www.cloudfoundry.org/blog/cve-2020-5422
• CWE-214: Invocation of Process Using Visible Sensitive Information
• CWE-668: Exposure of Resource to Wrong Sphere
CVE-2019-11271 – Bosh Deployment logs leak sensitive information
https://notcve.org/view.php?id=CVE-2019-11271
Cloud Foundry BOSH 270.x versions prior to v270.1.1 contain a BOSH Director that does not properly redact credentials when configured to use a MySQL database. A local authenticated malicious user may read any credentials that are contained in a BOSH manifest.
• https://www.cloudfoundry.org/blog/cve-2019-11271
• CWE-522: Insufficiently Protected Credentials
• CWE-532: Insertion of Sensitive Information into Log File
CVE-2018-15800 – Timing attack allows extraction of signing key in Bits Service
https://notcve.org/view.php?id=CVE-2018-15800
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the Bits Service storage. In ParsePayloadHeader of payload_metadata.cc, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
• https://www.cloudfoundry.org/blog/cve-2018-15800
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor