CVE-2023-20881 Vulnerability Details

  /     /     /  

CVE-2023-20881 Metadata Quick Info

CVE Published: 19/05/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: vmware | Vendor: n/a | Product: Cloud Controller API
Status : PUBLISHED

---

CVE-2023-20881 Description

Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they\'re aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user to override the private key and add or modify a certificate authority used for the connection.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-295
CWE Name: CWE-295: Improper Certificate Validation
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).