Is CVE-2022-31733 actively exploited?

CVE-2022-31733 has no public evidence of in-the-wild exploitation as of 2025-03-25.

What is the CVSS score for CVE-2022-31733?

CVE-2022-31733 has a CVSS score of 9.1 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.

How do I patch CVE-2022-31733?

Patch guidance is available from cloudfoundry security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2022-31733.

Fix CVE-2022-31733 - CRITICAL cloudfoundry cf-deployment

Q: Which products are affected by CVE-2022-31733?

2 products: cloudfoundry cf-deployment, cloudfoundry diego.

Description

Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, apps are accessible via another port on diego cells, allowing application ingress without a client certificate. If mTLS route integrity is enabled AND unproxied ports are turned off, then an attacker could connect to an application that should be only reachable via mTLS, without presenting a client certificate.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: none
Weaknesses: CWE-295 CWE-295

Metadata

Primary Vendor: CLOUDFOUNDRY
Published: 2/3/2023
Last Modified: 3/25/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2022-31733

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary