CVE-2024-38826

CVE-2024-38826 Cloud Controller Denial of Service Attack

Severity Score (CVSS v4): 5.3
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits (Multiple Sources): 0
Exploited in Wild (KEV): -
Decision (SSVC): Attend

Descriptions

Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller.

The Cloud Foundry project recommends upgrading the following releases:

* Upgrade capi release version to 1.194.0 or greater
* Upgrade cf-deployment version to v44.1.0 or greater. This includes a patched capi release

*Credits: N/A
CVSS Scores
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Low
User Interaction: None

System | Vulnerable | Subsequent
Confidentiality | None | None
Integrity | None | None
Availability | Low | None
* Common Vulnerability Scoring System
SSVC
  • Decision: Attend
  • Exploitation: None
  • Automatable: Yes
  • Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-06-19 CVE Reserved
  • 2024-11-11 CVE Published
  • 2024-11-12 CVE Updated
  • 2024-11-12 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Cloud Foundry | Cloud Foundry | < 1.194 | en | Affected