Количество 3
Количество 3
CVE-2024-37082
When deploying Cloud Foundry together with the haproxy-boshrelease and using a non default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud Foundry applications. You are affected if you have route-services enabled in routing-release and have configured the haproxy-boshrelease property “ha_proxy.forwarded_client_cert” to “forward_only_if_route_service”.
GHSA-w3h5-p6v5-5vjm
Security check loophole in HAProxy release (in combination with routing release) in Cloud Foundry prior to v40.17.0 potentially allows bypass of mTLS authentication to applications hosted on Cloud Foundry.
BDU:2024-09482
Уязвимость компонента haproxy-boshrelease платформы для многооблачных приложений Cloud Foundry, позволяющая нарушителю обойти проверку подлинности mTLS
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-37082 When deploying Cloud Foundry together with the haproxy-boshrelease and using a non default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud Foundry applications. You are affected if you have route-services enabled in routing-release and have configured the haproxy-boshrelease property “ha_proxy.forwarded_client_cert” to “forward_only_if_route_service”. | CVSS3: 9.1 | 0% Низкий | больше 1 года назад |
| GHSA-w3h5-p6v5-5vjm Security check loophole in HAProxy release (in combination with routing release) in Cloud Foundry prior to v40.17.0 potentially allows bypass of mTLS authentication to applications hosted on Cloud Foundry. | CVSS3: 9 | 0% Низкий | больше 1 года назад |
 | BDU:2024-09482 Уязвимость компонента haproxy-boshrelease платформы для многооблачных приложений Cloud Foundry, позволяющая нарушителю обойти проверку подлинности mTLS | CVSS3: 9.1 | 0% Низкий | больше 1 года назад |
Уязвимостей на страницу