CVE-2024-22279

2024-06-1020:15:12

CWE-444

[email protected]

web.nvd.nist.gov

improper handling

routing release

unauthenticated attacker

service availability

cloud foundry deployment

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.1%

JSON

Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an unauthenticated attacker to degrade
the service availability of the Cloud Foundry deployment if performed at scale.

Affected configurations

NVD

Node

cloudfoundrycf-deploymentRange30.9.0–40.13.0

cloudfoundryrouting_releaseRange0.273.0–0.297.0

CPENameOperatorVersion
cloudfoundry:cf-deploymentcloudfoundry cf-deploymentle40.13.0
cloudfoundry:routing_releasecloudfoundry routing releasele0.297.0

CPE	Name	Operator	Version
cloudfoundry:cf-deployment	cloudfoundry cf-deployment	le	40.13.0
cloudfoundry:routing_release	cloudfoundry routing release	le	0.297.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Routing Release",
    "vendor": "Cloud Foundry",
    "versions": [
      {
        "lessThanOrEqual": "v0.297.0",
        "status": "affected",
        "version": "v0.273.0",
        "versionType": "custom"
      }
    ]
  }
]