Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Gorouter allows space developer to hijack route services hosted outside the platform
Vulnerability Description
Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that route to an app. When the gorouter receives traffic destined for the external route service, this traffic will instead be directed to the internal app using the shadow route.
CVSS Information
N/A
Vulnerability Type
业务逻辑错误
Vulnerability Title
Cloud Foundry Routing Release 权限许可和访问控制问题漏洞
Vulnerability Description
Cloud Foundry Routing Release 0.188.0之前版本中存在安全漏洞。攻击者可利用该漏洞绕过安全限制,定向到内部的应用程序。
CVSS Information
N/A
Vulnerability Type
N/A