Lucene search

GoogleOSV:CVE-2022-31733

HistoryFeb 03, 2023 - 7:15 p.m.

CVE-2022-31733

2023-02-0319:15:11

Google

osv.dev

cve-2022-31733

applications

port access

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.9%

JSON

Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, apps are accessible via another port on diego cells, allowing application ingress without a client certificate. If mTLS route integrity is enabled AND unproxied ports are turned off, then an attacker could connect to an application that should be only reachable via mTLS, without presenting a client certificate.

CPENameOperatorVersion
cf-deploymenteq20.3.0
cf-deploymenteq21.5.0
cf-deploymenteq21.10.0
cf-deploymenteq21.8.0
cf-deploymenteq21.6.0
cf-deploymenteq20.1.0
cf-deploymenteq20.4.0
cf-deploymenteq22.0.0
cf-deploymenteq17.1.0
cf-deploymenteq18.0.0

Name	Operator	Version
cf-deployment	eq	20.3.0
cf-deployment	eq	21.5.0
cf-deployment	eq	21.10.0
cf-deployment	eq	21.8.0
cf-deployment	eq	21.6.0
cf-deployment	eq	20.1.0
cf-deployment	eq	20.4.0
cf-deployment	eq	22.0.0
cf-deployment	eq	17.1.0
cf-deployment	eq	18.0.0

Rows per page:

1-10 of 261

References

www.cloudfoundry.org/blog/cve-2022-31733-unsecured-application-port

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.9%

JSON

Related for OSV:CVE-2022-31733