Cloud Controller at Risk of Denial of Service Attack Due to malicious file upload
CVE-2024-38826

Currently unrated

Key Information:

Vendor: Cloud Foundry
Status: Cloud Foundry
Vendor: CVE Published:; 11 November 2024

🔔 Create Cloud Foundry Vulnerability Alert

What is CVE-2024-38826?

Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller.

The Cloud Foundry project recommends upgrading the following releases:

Upgrade capi release version to 1.194.0 or greater
Upgrade cf-deployment version to v44.1.0 or greater. This includes a patched capi release

Affected Version(s)

Cloud Foundry 0

References

https://www.cloudfoundry.org/blog/cve-2024-38826-cloud-co...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2024
Vulnerability Reserved
Jun 19, 2024

CVE-2024-38826 Data

JSON