CVE-2023-20882

2023-05-2617:15:13

CWE-400

[email protected]

web.nvd.nist.gov

cloud foundry

routing

denial of service

bug

gorouter

applications

cve-2023-20882

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

33.9%

JSON

In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected backend as failed and removes it from the routing pool.

Affected configurations

Nvd

Node

cloudfoundrycf-deploymentRange27.4.0–29.0.0

cloudfoundryrouting_releaseRange0.262.0–0.266.0

VendorProductVersionCPE
cloudfoundrycf-deployment*cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*
cloudfoundryrouting_release*cpe:2.3:a:cloudfoundry:routing_release:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cloudfoundry	cf-deployment	*	cpe:2.3:a:cloudfoundry:cf-deployment::::::::
cloudfoundry	routing_release	*	cpe:2.3:a:cloudfoundry:routing_release::::::::