Lucene search
PRIOn knowledge basePRION:CVE-2022-31733HistoryFeb 03, 2023 - 7:15 p.m.
Code injection
2023-02-0319:15:00
PRIOn knowledge base
www.prio-n.com
3
code injection
vulnerability
diego-release
cf deployment
unauthorized access
client certificates
app security
Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, apps are accessible via another port on diego cells, allowing application ingress without a client certificate. If mTLS route integrity is enabled AND unproxied ports are turned off, then an attacker could connect to an application that should be only reachable via mTLS, without presenting a client certificate.
| CPE | Name | Operator | Version |
|---|---|---|---|
| cf-deployment | ge | 17.1 | |
| cf-deployment | le | 23.2.0 | |
| diego | ge | 2.55.0 | |
| diego | le | 2.69.0 |
Related
cvelist
cvelist
CVE-2022-31733
2023-02-03 00:00:00
cve
cve
CVE-2022-31733
2023-02-03 19:15:11
cloudfoundry
cloudfoundry
CVE-2022-31733: Unsecured Application Port | Cloud Foundry
2022-12-12 00:00:00
osv
osv
CVE-2022-31733
2023-02-03 19:15:11
nvd
nvd
CVE-2022-31733
2023-02-03 19:15:11