CVE-2024-38826

Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller. The Cloud Foundry project recommends upgrading the following releases: * Upgrade capi release version to 1.194.0 or greater * Upgrade cf-deployment version to v44.1.0 or greater. This includes a patched capi release

CVSS

No CVSS.

References

Link	Resource
https://www.cloudfoundry.org/blog/cve-2024-38826-cloud-controller-denial-of-service-attack/

Configurations

No configuration.

History

17 Mar 2025, 22:15

Type	Values Removed	Values Added
CWE		CWE-400

Information

Published : 2024-11-11 06:15

Updated : 2025-03-17 22:15

NVD link : CVE-2024-38826

Mitre link : CVE-2024-38826

CVE.ORG link : CVE-2024-38826

JSON object : View

Products Affected

No product.

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2024-38826", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@vmware.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 5.3, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:L/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "LOW", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-11-11T06:15:04.963", "references": [{"url": "https://www.cloudfoundry.org/blog/cve-2024-38826-cloud-controller-denial-of-service-attack/", "source": "security@vmware.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller.\n\nThe Cloud Foundry project recommends upgrading the following releases:\n\n * Upgrade capi release version to 1.194.0 or greater\n * Upgrade cf-deployment version to v44.1.0 or greater. This includes a patched capi release"}, {"lang": "es", "value": "Los usuarios autenticados pueden cargar archivos manipulado espec\u00edficamente para filtrar recursos del servidor. Este comportamiento puede usarse potencialmente para ejecutar un ataque de denegaci\u00f3n de servicio contra Cloud Controller. El proyecto Cloud Foundry recomienda actualizar las siguientes versiones: * Actualizar la versi\u00f3n de lanzamiento de capi a 1.194.0 o superior * Actualizar la versi\u00f3n de cf-deployment a v44.1.0 o superior. Esto incluye una versi\u00f3n de capi parcheada"}], "lastModified": "2025-03-17T22:15:12.667", "sourceIdentifier": "security@vmware.com"}

CVE-2024-38826

JSON object

Attach tags to CVE-2024-38826

Attach tags to `CVE-2024-38826`