Main Vulnerability Database Vulnerabilities #VU46181

#VU46181 Incorrect permission assignment for critical resource in Cloud Controller and CF Deployment - CVE-2020-5417

Published: September 1, 2020

Vulnerability identifier: #VU46181

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-5417

CWE-ID: CWE-732

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cloud Controller
CF Deployment

Software vendor:
Cloud Foundry Foundation

Description

The vulnerability allows a remote attacker to compromise the sysem.

The vulnerability exists when the affected software is used in a deployment where an app domain is also the system domain. A remote authenticated attacker can claim certain sensitive routes, potentially resulting in the developer’s app handling some requests that were expected to go to certain system components.

Remediation

Install updates from vendor's website.

External links

https://www.cloudfoundry.org/blog/cve-2020-5417

#VU46181 Incorrect permission assignment for critical resource in Cloud Controller and CF Deployment - CVE-2020-5417

Description

Remediation

External links

Please verify you're human