Overview
- Description
- In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that (accidentally or maliciously) causes CC instances to timeout and fail is possible. An attacker can leverage this vulnerability to cause an inability for anyone to push or manage apps.
- Source
- security@vmware.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:P
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:capi-release:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "53BB2CC2-6A23-42D9-961A-E523CADACF76",
"versionEndExcluding": "1.122.0"
},
{
"criteria": "cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A9DCDC94-0101-4B6D-9D2D-7D7364EC86B1",
"versionEndExcluding": "17.1.0"
}
],
"operator": "OR"
}
]
}
]