CVE-2020-5417

EPSS 0.34%
Published 21.08.2020 22:15:12
Last modified 21.11.2024 05:34:07
Source security@pivotal.io
Teams watchlist Login
Open Login

Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially resulting in the developer's app handling some requests that were expected to go to certain system components.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cloudfoundry ≫ Capi-release Version < 1.97.0

Cloudfoundry ≫ Cf-deployment Version < 13.12.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.34%	0.534

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
security@pivotal.io	8.5	1.8	6	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

https://www.cloudfoundry.org/blog/cve-2020-5417

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-5417

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-5417

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-5417

EUVD