Security Advisory

CVE-2024-38826 Cloud Controller Denial of Service Attack

Severity

MEDIUM

Vendor

Cloud Foundry Foundation

Versions Affected

  • capi release versions < 1.194

Description

Authenticated users can upload specially crafted files to leak server resources. This behavior can potentially be used to run a denial-of-service attack against Cloud Controller.

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below.

The Cloud Foundry project recommends upgrading the following releases:

  • Upgrade capi release version to 1.194.0 or greater.
  • Upgrade cf-deployment version to v44.1.0 or greater. This includes a patched capi release.

History

November 6th: Initial vulnerability report published.

Cloud Foundry Foundation Security Team, AUTHOR
