GHSA-w3h5-p6v5-5vjm

Опубликовано: 03 июл. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 9

Описание

Security check loophole in HAProxy release (in combination with routing release) in Cloud Foundry prior to v40.17.0 potentially allows bypass of mTLS authentication to applications hosted on Cloud Foundry.

Ссылки

EPSS

Процентиль: 16%

0.00052

Низкий

9 Critical

CVSS3

CVE ID

CVE-2024-37082

Дефекты

CWE-290

Связанные уязвимости

CVE-2024-37082

CVSS3: 9.1

nvd

больше 1 года назад

When deploying Cloud Foundry together with the haproxy-boshrelease and using a non default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud Foundry applications. You are affected if you have route-services enabled in routing-release and have configured the haproxy-boshrelease property “ha_proxy.forwarded_client_cert” to “forward_only_if_route_service”.

BDU:2024-09482

CVSS3: 9.1

fstec

больше 1 года назад

Уязвимость компонента haproxy-boshrelease платформы для многооблачных приложений Cloud Foundry, позволяющая нарушителю обойти проверку подлинности mTLS

EPSS

Процентиль: 16%

0.00052

Низкий

9 Critical

CVSS3

CVE ID

CVE-2024-37082

Дефекты

CWE-290