Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-34041

Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations.

Published

2023-09-08T08:15:07.493

Last Modified

2024-11-21T08:06:27.477

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cloudfoundry	cf-deployment	< 32.4.0	Yes
Application	cloudfoundry	routing-release	< 0.278.0	Yes

References

https://www.cloudfoundry.org/blog/abuse-of-http-hop-by-hop-headers-in-cloud-foundry-gorouter/ Vendor Advisory ([email protected])
https://www.cloudfoundry.org/blog/abuse-of-http-hop-by-hop-headers-in-cloud-foundry-gorouter/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)