SB2020090120 - Incorrect permission assignment for critical resource in Cloud Foundry Foundation CAPI and CF Deployment 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020090120

SB2020090120 - Incorrect permission assignment for critical resource in Cloud Foundry Foundation CAPI and CF Deployment

Published: September 1, 2020

Security Bulletin ID SB2020090120
Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Incorrect permission assignment for critical resource (CVE-ID: CVE-2020-5417)

The vulnerability allows a remote attacker to compromise the sysem.

The vulnerability exists when the affected software is used in a deployment where an app domain is also the system domain. A remote authenticated attacker can claim certain sensitive routes, potentially resulting in the developer’s app handling some requests that were expected to go to certain system components. 


Remediation

Install update from vendor's website.

References