Lucene search

Cloud FoundryCFOUNDRY:05E6C22FE838F2AFA99501F69C39E2B4

HistoryJun 24, 2024 - 12:00 a.m.

CVE-2024-37082 - mTLS bypass | Cloud Foundry

2024-06-2400:00:00

Cloud Foundry

www.cloudfoundry.org

cve-2024-37082

cloud foundry

haproxy

mtls authentication

bypass

vulnerability

routing release

route services

security

upgrade

configuration

http requests

christian schubert

mitigation

6.8 Medium

AI Score

Confidence

Low

0 Low

EPSS

Percentile

0.0%

JSON

Severity

CRITICAL

Vendor

CloudFoundry Foundation

Versions Affected

Routing Release < 0.299.0 (in combination with HAProxy Release > 10.6.0)

Description

When deploying Cloud Foundry together with the haproxy-boshrelease and using a non default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud Foundry applications.

You are affected if you have route-services enabled in routing-release and have configured the haproxy-boshrelease property “ha_proxy.forwarded_client_cert” to “forward_only_if_route_service”.

Mitigation

In case your setup – CF with HAProxy release, route-service enabled and mTLS authentication used – is affected by this vulnerability, it is strongly recommended to apply the following mitigation:

Upgrade routing_release version to 0.299.0 or greater
Set “router.route_services_strict_signature_validation” to “true”

The cf-deployment release v40.17.0 can be used to upgrade the routing release.

Credit

This issue was responsibly reported by Christian Schubert.

History

24.06.2024: Initial vulnerability report published.