漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user to override the private key and add or modify a certificate authority used for the connection.
CVSS Information
N/A
Vulnerability Type
证书验证不恰当
Vulnerability Title
Cloud Foundry CAPI 信任管理问题漏洞
Vulnerability Description
Cloud Foundry CAPI是美国Cloud Foundry基金会的一个云控制器。 Cloud Foundry CAPI 1.140 到 1.152.0版本、Loggregator-agent v7+、CF Deployment 24.7.0 到 29.0.0版本存在安全漏洞,该漏洞源于Cloud foundry 实例以及 loggregator-agent v7+ 可能会覆盖其他用户的 syslog drain 凭据,攻击者利用该漏洞可以覆盖私钥并添加或修改用于连接的证书颁发机构。
CVSS Information
N/A
Vulnerability Type
N/A