1. Home
  2. CVE Database
  3. CVE-2023-20881
HIGH · 8.1

CVE-2023-20881

Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate used...

Vulnerability Description

Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user to override the private key and add or modify a certificate authority used for the connection.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
CloudfoundryCapi-Release>= 1.140, <= 1.152.0
CloudfoundryCf-Deployment>= 24.7.0, <= 29.0.0
CloudfoundryLoggregator-Agent>= 7.0, <= 7.2.1

Related Weaknesses (CWE)

CWE-295

References

FAQ

What is CVE-2023-20881?

CVE-2023-20881 is a vulnerability with a CVSS score of 8.1 (HIGH). Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate used...

How severe is CVE-2023-20881?

CVE-2023-20881 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-20881?

Check the references section above for vendor advisories and patch information. Affected products include: Cloudfoundry Capi-Release, Cloudfoundry Cf-Deployment, Cloudfoundry Loggregator-Agent.