Unauthenticated Attackers Can Degrade Cloud Foundry Deployment Availability
CVE-2024-22279

7.5HIGH

Key Information:

Vendor: Cloud Foundry
Status: Routing Release
Vendor: CVE Published:; 10 June 2024

🔔 Create Cloud Foundry Vulnerability Alert

What is CVE-2024-22279?

The vulnerability in Cloud Foundry's Routing Release is attributed to improper handling of requests that permits unauthorized attackers to potentially degrade the availability of the Cloud Foundry service. This flaw affects versions from v0.273.0 to v0.297.0, where an attacker could execute denial-of-service attacks on the deployment if the attack is conducted at scale. Organizations utilizing these versions should apply mitigations to protect against service disruptions.

Affected Version(s)

Routing Release v0.273.0

References

https://www.cloudfoundry.org/blog/cve-2024-22279-gorouter...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2024
Vulnerability Reserved
Jan 8, 2024

CVE-2024-22279 Data

JSON