Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CF networking internal policy server SQL injection
Vulnerability Description
Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, contain an internal api endpoint vulnerable to SQL injection between Diego cells and the policy server. A remote authenticated malicious user with mTLS certs can issue arbitrary SQL queries and gain access to the policy server.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cloud Foundry CF Networking Release SQL注入漏洞
Vulnerability Description
Cloud Foundry CF Networking Release是美国Cloud Foundry基金会的一款为Cloud Foundry提供基于策略的容器网络的程序。 Cloud Foundry CF Networking Release 2.16.0之前的2.11.0版本中的内部api端点存在SQL注入漏洞。远程攻击者可借助mTLS证书利用该漏洞发送任意SQL查询语句,获取对policy服务器的访问权限。
CVSS Information
N/A
Vulnerability Type
N/A