Severity
MEDIUM
Vendor
CloudFoundry Foundation
Versions Affected
- Capi Release version < 1.194
Description
Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller.
Mitigation
Users of affected products are strongly encouraged to follow the mitigations below.
The Cloud Foundry project recommends upgrading the following releases:
- Upgrade capi release version to 1.194.0 or greater
- Upgrade cf-deployment version to v44.1.0 or greater. This includes a patched capi release
History
November 6th: Initial vulnerability report published.