CVE-2024-37082
https://notcve.org/view.php?id=CVE-2024-37082
Security check loophole in HAProxy release (in combination with routing release) in Cloud Foundry prior to v40.17.0 potentially allows bypass of mTLS authentication to applications hosted on Cloud Foundry. La laguna de control de seguridad en la versión HAProxy (en combinación con la versión de enrutamiento) en Cloud Foundry anterior a v40.17.0 potencialmente permite omitir la autenticación mTLS en aplicaciones alojadas en Cloud Foundry. When deploying Cloud Foundry together with the haproxy-boshrelease and using a non default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud Foundry applications. You are affected if you have route-services enabled in routing-release and have configured the haproxy-boshrelease property “ha_proxy.forwarded_client_cert” to “forward_only_if_route_service”. • https://www.cloudfoundry.org/blog/cve-2024-37082-mtls-bypass • CWE-290: Authentication Bypass by Spoofing •