1. Home
  2. CVE Database
  3. CVE-2020-5417
HIGH · 8.8

CVE-2020-5417

Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vul...

Vulnerability Description

Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially resulting in the developer's app handling some requests that were expected to go to certain system components.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
CloudfoundryCapi-Release< 1.97.0
CloudfoundryCf-Deployment< 13.12.0

Related Weaknesses (CWE)

CWE-732

References

FAQ

What is CVE-2020-5417?

CVE-2020-5417 is a vulnerability with a CVSS score of 8.8 (HIGH). Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vul...

How severe is CVE-2020-5417?

CVE-2020-5417 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-5417?

Check the references section above for vendor advisories and patch information. Affected products include: Cloudfoundry Capi-Release, Cloudfoundry Cf-Deployment.