Diego Security Vulnerabilities

CVE-2022-31733

Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, apps are accessible via another port on diego cells, allowing application ingress without a client certificate. If mTLS route integrity is enabled AND unproxied ports are turned off, then an....

9.1 CVSS

9 AI Score

0.001 EPSS

2023-02-03 07:15 PM

CVE-2018-1265

Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego.....

7.2 CVSS

6.9 AI Score

0.003 EPSS

2018-06-06 08:29 PM

CVE-2016-3091

Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of...

7.5 CVSS

7.4 AI Score

0.002 EPSS

2017-06-08 06:29 PM