{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-34041","assignerOrgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","state":"PUBLISHED","assignerShortName":"vmware","dateReserved":"2023-05-25T17:21:56.201Z","datePublished":"2023-09-08T07:22:00.607Z","dateUpdated":"2024-08-02T15:54:14.253Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Windows","Linux","iOS","Android","x86","ARM","64 bit","MacOS","32 bit"],"product":"Routing","vendor":"Cloud Foundry","versions":[{"lessThan":"0.278.0","status":"affected","version":"all","versionType":"0.278.0"}]},{"defaultStatus":"unaffected","platforms":["Windows","Linux","iOS","Android","x86","ARM","64 bit","MacOS","32 bit"],"product":"CF Deployment","vendor":"Cloud Foundry","versions":[{"lessThan":"32.4.0","status":"affected","version":"all","versionType":"32.4.0"}]}],"datePublic":"2023-09-07T10:31:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations.</span><br>"}],"value":"Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations.\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"providerMetadata":{"orgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","shortName":"vmware","dateUpdated":"2023-09-08T07:22:00.607Z"},"references":[{"url":"https://www.cloudfoundry.org/blog/abuse-of-http-hop-by-hop-headers-in-cloud-foundry-gorouter/"}],"source":{"discovery":"UNKNOWN"},"title":"CVE-2023-34041-Abuse of HTTP Hop-by-Hop Headers in Cloud Foundry Gorouter","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T15:54:14.253Z"},"title":"CVE Program Container","references":[{"url":"https://www.cloudfoundry.org/blog/abuse-of-http-hop-by-hop-headers-in-cloud-foundry-gorouter/","tags":["x_transferred"]}]}]}}