CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34061 – CVE-2023-34061 – Gorouter route pruning
https://notcve.org/view.php?id=CVE-2023-34061
Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment. Las versiones de enrutamiento de Cloud Foundry desde v0.163.0 hasta v0.283.0 son vulnerables a un ataque de DOS. Un atacante no autenticado puede utilizar esta vulnerabilidad para forzar la poda de rutas y, por lo tanto, degradar la disponibilidad del servicio de la implementación de Cloud Foundry. • https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34054 – Reactor Netty HTTP Server Metrics DoS Vulnerability
https://notcve.org/view.php?id=CVE-2023-34054
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled. En Reactor Netty HTTP Server, versiones 1.1.x anteriores a 1.1.13 y versiones 1.0.x anteriores a 1.0.39, es posible que un usuario proporcione solicitudes HTTP especialmente manipuladas que pueden causar una condición de denegación de servicio (DoS). Específicamente, una aplicación es vulnerable si la integración integrada del servidor HTTP Reactor Netty con Micrometer está habilitada. • https://spring.io/security/cve-2023-34054 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34062
https://notcve.org/view.php?id=CVE-2023-34062
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources. En Reactor Netty HTTP Server, versiones 1.1.x anteriores a 1.1.13 y versiones 1.0.x anteriores a 1.0.39, un usuario malintencionado puede enviar una solicitud utilizando una URL especialmente manipulada que puede provocar un ataque Directory Traversal. Específicamente, una aplicación es vulnerable si el servidor HTTP Reactor Netty está configurado para servir recursos estáticos. • https://spring.io/security/cve-2023-34062 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20885 – CF workflows leak credentials in system audit logs
https://notcve.org/view.php?id=CVE-2023-20885
Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud FOundry cf-nfs-volume release.This issue affects Notifications: All versions prior to 63; SMB-volume release: All versions prior to 3.1.19; cf-nfs-volume release: 5.0.X versions prior to 5.0.27, 7.1.X versions prior to 7.1.19. • https://www.cloudfoundry.org/blog/cve-2023-20885-cf-workflows-leak-credentials-in-system-audit-logs • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2022-31683
https://notcve.org/view.php?id=CVE-2022-31683
Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with body including :team_name=team2 to bypass team scope check to gain access to certain resources belong to any other team. • https://github.com/concourse/concourse/security/advisories/GHSA-5jp2-vwrj-99rf •