CVE-2023-34041: Medium severity Cloudfoundry Cf-deployment vulnerability

Q: What is the vulnerability ID of this vulnerability?

The vulnerability ID is CVE-2023-34041.

Q: What is the severity of CVE-2023-34041?

The severity of CVE-2023-34041 is medium, with a severity value of 5.3.

Q: How can an attacker exploit this vulnerability?

An unauthenticated attacker can exploit this vulnerability by abusing HTTP Hop-by-Hop Headers, such as B3 or X-B3-SpanID, to affect the identification value recorded in the logs in foundations.

Q: Are there any references available for CVE-2023-34041?

Yes, you can find more information about CVE-2023-34041 at the following link: [https://www.cloudfoundry.org/blog/abuse-of-http-hop-by-hop-headers-in-cloud-foundry-gorouter/](https://www.cloudfoundry.org/blog/abuse-of-http-hop-by-hop-headers-in-cloud-foundry-gorouter/)

Published Sep 8, 2023

Updated

Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations.

Affected Software

2 affected components

Cloudfoundry Cf-deployment<32.4.0

Cloudfoundry Routing-release<0.278.0

Event History

Sep 8, 2023

CVE Published

08:15 AM

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?

The vulnerability ID is CVE-2023-34041.

What is the severity of CVE-2023-34041?

The severity of CVE-2023-34041 is medium, with a severity value of 5.3.

What software versions are affected by CVE-2023-34041?

Cloud foundry routing release versions prior to 0.278.0 are affected by CVE-2023-34041.

How can an attacker exploit this vulnerability?

An unauthenticated attacker can exploit this vulnerability by abusing HTTP Hop-by-Hop Headers, such as B3 or X-B3-SpanID, to affect the identification value recorded in the logs in foundations.

Are there any references available for CVE-2023-34041?