First published: Wed Oct 27 2021
Cloud Controller versions prior to 1.118.0 are vulnerable to an unauthenticated denial-of-service (DoS) vulnerability: unauthenticated attackers can cause a denial of service by sending REST HTTP requests with label_selectors to multiple V3 endpoints, which generates an enormous SQL query.
Credit: security@vmware.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cloudfoundry Capi-release | <1.118.0 | |
Cloudfoundry Cf-deployment | <16.24.0 | |
The vulnerability ID for this vulnerability is CVE-2021-22101.
The severity of CVE-2021-22101 is high.
The software affected by CVE-2021-22101 is Cloudfoundry Capi-release versions prior to 1.118.0 and Cloudfoundry Cf-deployment versions prior to 16.24.0.
Unauthenticated attackers can exploit CVE-2021-22101 by using REST HTTP requests with label_selectors on multiple V3 endpoints to generate an enormous SQL query.
Updating to Cloud Controller version 1.118.0 or later will fix the vulnerability.