Описание
When deploying Cloud Foundry together with the haproxy-boshrelease and using a non default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud Foundry applications.
You are affected if you have route-services enabled in routing-release and have configured the haproxy-boshrelease property “ha_proxy.forwarded_client_cert” to “forward_only_if_route_service”.
EPSS
9.1 Critical
CVSS3
Дефекты
Связанные уязвимости
Security check loophole in HAProxy release (in combination with routing release) in Cloud Foundry prior to v40.17.0 potentially allows bypass of mTLS authentication to applications hosted on Cloud Foundry.
Уязвимость компонента haproxy-boshrelease платформы для многооблачных приложений Cloud Foundry, позволяющая нарушителю обойти проверку подлинности mTLS
EPSS
9.1 Critical
CVSS3