Cloud Foundry Routing Improper Input Validation vulnerability · CVE-2019-11289 · GitHub Advisory Database · GitHub

Cloud Foundry Routing Improper Input Validation vulnerability

High severity GitHub Reviewed Published May 18, 2021 to the GitHub Advisory Database • Updated Aug 28, 2023

Package

code.cloudfoundry.org/gorouter (Go)

Affected versions

< 0.0.0-20191101214924-b1b5c44e050f

Patched versions

0.0.0-20191101214924-b1b5c44e050f

github.com/cloudfoundry/gorouter (Go)

< 0.0.0-20191101214924-b1b5c44e050f

0.0.0-20191101214924-b1b5c44e050f

Description

Cloud Foundry Routing, all versions before 0.0.0-20191101214924-b1b5c44e050f, does not properly validate nonce input. A remote unauthorized malicious user could forge a route service request using an invalid nonce that will cause the Gorouter to crash.

References

Reviewed May 17, 2021

Published to the GitHub Advisory Database May 18, 2021

Last updated Aug 28, 2023

Severity

High

7.5

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H