Description
In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that (accidentally or maliciously) causes CC instances to timeout and fail is possible. An attacker can leverage this vulnerability to cause an inability for anyone to push or manage apps.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- Attack Vector
- network
- Complexity
- low
- Privileges
- none
- User Action
- none
- Scope
- unchanged
- Confidentiality
- none
- Integrity
- none
- Availability
- low
- Weaknesses
- CWE-400CWE-400
Metadata
- Primary Vendor
- CLOUDFOUNDRY
- Published
- 3/25/2022
- Last Modified
- 11/21/2024
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
cloudfoundry : capi-releasecloudfoundry : cf-deployment
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.