CVE-2023-20882
Last modified
CVE-2023-20882 is a medium-severity vulnerability rated 5.9/10 on the CVSS scale. In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected backend as failed and removes it from the routing pool.. EPSS estimates a 0.59% chance of exploitation in the next 30 days.
Description
In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected backend as failed and removes it from the routing pool.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cloudfoundry | Cf-Deployment | >= 27.4.0, < 29.0.0 |
| Cloudfoundry | Routing Release | >= 0.262.0, < 0.266.0 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-20882?
How severe is CVE-2023-20882?
How do I fix CVE-2023-20882?
Are you affected by CVE-2023-20882?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST