1. Home
  2. CVE Database
  3. CVE-2022-31733
CRITICAL · 9.1

CVE-2022-31733

Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, apps are accessible via another port on diego cells, allowing application ingress without a ...

Vulnerability Description

Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, apps are accessible via another port on diego cells, allowing application ingress without a client certificate. If mTLS route integrity is enabled AND unproxied ports are turned off, then an attacker could connect to an application that should be only reachable via mTLS, without presenting a client certificate.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
CloudfoundryCf-Deployment>= 17.1, <= 23.2.0
CloudfoundryDiego>= 2.55.0, <= 2.69.0

Related Weaknesses (CWE)

CWE-295

References

FAQ

What is CVE-2022-31733?

CVE-2022-31733 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, apps are accessible via another port on diego cells, allowing application ingress without a ...

How severe is CVE-2022-31733?

CVE-2022-31733 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-31733?

Check the references section above for vendor advisories and patch information. Affected products include: Cloudfoundry Cf-Deployment, Cloudfoundry Diego.