CVE-2020-5417 Vulnerability Details

  /     /     /  

CVE-2020-5417 Metadata Quick Info

CVE Published: 21/08/2020 | CVE Updated: 16/09/2024 | CVE Year: 2020
Source: pivotal | Vendor: Cloud Foundry | Product: CAPI
Status : PUBLISHED

---

CVE-2020-5417 Description

Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially resulting in the developer\'s app handling some requests that were expected to go to certain system components.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-732
CWE Name: CWE-732: Incorrect Permission Assignment for Critical Resource
Source: Cloud Foundry

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).