Severity
High
CVSS Score: High 7.1
CVSSv4: High 7.1 (CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:H/SA:H)
CVSSv3: High 8.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
Vendor
Cloud Foundry Foundation / BOSH
Versions Affected
*Severity is High unless otherwise noted.
BOSH
– All versions prior to v282.1.9
Description
A CWE-326 weakness in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via a man-in-the-middle (MITM) attack.
HttpRequestHelper#create_async_endpoint and #send_http_get_request_synchronous hard-code OpenSSL::SSL::VERIFY_NONE, so TLS certificate verification is disabled for those requests; an attacker positioned between bosh-monitor and the BOSH Director or UAA can therefore present any certificate, intercept the traffic and steal the credentials it carries.
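As an added illustration (not BOSH's HttpRequestHelper or any code from the project), the weak Net::HTTP setting beside its hardened form, with an offline model of what each verify_mode does when an attacker-minted certificate is presented; the director host name and port and both certificates are constructed here.

```ruby
require 'net/http'
require 'openssl'

# Weak form (the advisory's pattern): VERIFY_NONE skips chain validation,
# so a certificate minted by an on-path party is accepted as the director.
def weak_client(host, port)
  http = Net::HTTP.new(host, port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_NONE # the defect
  http
end
# Hardened form: validate the chain against an explicit trust store. With
# VERIFY_PEER, Net::HTTP also checks the certificate name against `host`.
def hardened_client(host, port, store)
  http = Net::HTTP.new(host, port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.cert_store = store
  http
end
# Constructed self-signed certificate for `cn`: stands in for the genuine
# director certificate or for an attacker-minted one with the same name.
def self_signed(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end
# Offline model of each verify_mode's decision on a presented certificate:
# VERIFY_NONE accepts anything, VERIFY_PEER consults the trust store.
def accepts?(http, presented)
  return true if http.verify_mode == OpenSSL::SSL::VERIFY_NONE
  http.cert_store.verify(presented)
end

def demo(host = 'director.example', port = 25555) # hypothetical address
  real = self_signed(host)   # constructed: the genuine director cert
  forged = self_signed(host) # constructed: attacker cert, same name
  store = OpenSSL::X509::Store.new
  store.add_cert(real)       # operator-pinned trust anchor
  { weak_accepts_forged: accepts?(weak_client(host, port), forged),
    hardened_accepts_real: accepts?(hardened_client(host, port, store), real),
    hardened_accepts_forged: accepts?(hardened_client(host, port, store), forged) }
end
```

`demo` returns a hash showing that only the VERIFY_NONE client accepts the forged certificate; the same verify_mode/cert_store settings apply when the client actually connects.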
Mitigation
Users of affected products are strongly encouraged to follow the mitigations below.
The Cloud Foundry project recommends upgrading the following releases:
BOSH
– Upgrade BOSH versions to v282.1.9 or greater
Credit
n/a
History
TBC: Initial vulnerability report published.
