CVE-2024-38826 Cloud Controller Denial of Service Attack

Severity

MEDIUM

Vendor

CloudFoundry Foundation

Versions Affected

Capi Release version < 1.194

Description

Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller.

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below.

The Cloud Foundry project recommends upgrading the following releases:

Upgrade capi release version to 1.194.0 or greater
Upgrade cf-deployment version to v44.1.0 or greater. This includes a patched capi release

History

November 6th: Initial vulnerability report published.

CVE-2024-38826 Cloud Controller Denial of Service Attack

Severity

Vendor

Versions Affected

Description

Mitigation

History

You Might Also Like

USN-3387-1: Git vulnerability

USN-3434-1: Libidn vulnerability

USN-3478-1: Perl vulnerabilities

Sign up for the Cloud Foundry Newsletter today!

Sign up for the
Cloud Foundry Newsletter today!