Cloud Foundry Logo
blog single gear
Blog
Security Advisory

CVE-2024-38826 Cloud Controller Denial of Service Attack

by: November 6, 2024

Severity

MEDIUM

Vendor

CloudFoundry Foundation

Versions Affected

  • Capi Release version < 1.194

Description

Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller.

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below.

The Cloud Foundry project recommends upgrading the following releases:

  • Upgrade capi release version to 1.194.0 or greater
  • Upgrade cf-deployment version to v44.1.0 or greater. This includes a patched capi release 

History

November 6th: Initial vulnerability report published.

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES

You Might Also Like

USN-4334-1: Git vulnerability
Security Advisory

USN-4334-1: Git vulnerability

by Cloud Foundry Foundation Security Team May 14, 2020
USN-4199-1: libvpx vulnerabilities
Security Advisory

USN-4199-1: libvpx vulnerabilities

by Cloud Foundry Foundation Security Team December 5, 2019
Various MySQL Security Updates from July 2018 through January 2019
Security Advisory

Various MySQL Security Updates from July 2018 through January 2019

by Cloud Foundry Foundation Security Team July 22, 2019
This website uses cookies to offer you a better browsing experience. Find out more about how we use cookies and how you can change your settings. Accept