CVE-2024-22279 - GoRouter Denial of Service Attack | Cloud Foundry

Severity

MEDIUM

Vendor

CloudFoundry Foundation

Versions Affected

• Routing Release > v0.273.0 and <= v0.297.0
• CF Deployment > v30.9.0 and <= v40.13.0

Description

Cloud foundry routing release versions from v0.273.0 to v0.297.0 are vulnerable to a DOS attack. An unauthenticated attacker can exploit this vulnerability to force improper handling of requests and if performed at scale degrade the service availability of the Cloud Foundry deployment.

Affected Cloud Foundry Products and Versions

*Severity is high unless otherwise noted.__

• Routing_release
• All versions from v0.273.0 to v0.297.0 (inclusive)
• CF Deployment
• All versions from v30.9.0 to v40.13.0 (inclusive)

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below.

The Cloud Foundry project recommends upgrading the following releases:__

• Routing_release
• Upgrade routing_release versions to v0.298.0 or greater
• CF Deployment
• _Upgrade cf-deployment version to v40.14.0 or greater _
• Includes routing_release v0.298.0

Credit

n/a

History

June 5th: Initial vulnerability report published.