github.com/cloudfoundry/loggregator is vulnerable to improper validation of app GUID. The vulnerability exists due to the improper check on appID in Wrap
of log_access_middleware.go
, allowing remotely authenticated users with the knowledge of an existing appID to read and write to the application’s log.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/cloudfoundry/loggregator | eq | HEAD | |
github.com/cloudfoundry/loggregator | le | 102.1 |