Описание
Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address.
Ссылки
- MitigationVendor Advisory
- MitigationVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.6.33 (включая)
Одно из
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.3:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.4:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.5:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.6:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.7:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.8:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.9:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.10:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.11:*:*:*:*:*:*:*
EPSS
Процентиль: 35%
0.0014
Низкий
7.3 High
CVSS3
7.5 High
CVSS2
Дефекты
CWE-254
Связанные уязвимости
CVSS3: 7.3
github
больше 3 лет назад
Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address.
EPSS
Процентиль: 35%
0.0014
Низкий
7.3 High
CVSS3
7.5 High
CVSS2
Дефекты
CWE-254