Improper Output Neutralization for Logs

CVE-2023-34041

Severity Medium
Score 5.3/10

Summary

Cloud Foundry routing-release versions prior to 0.278.0 are vulnerable to abuse of HTTP hop-by-hop headers. An unauthenticated attacker can use this vulnerability with headers such as "B3" or "X-B3-SpanID" to affect the identification value recorded in the logs of affected foundations. This vulnerability also affects versions of the github.com/cloudfoundry/gorouter package prior to v0.0.0-20230727205201-b820e884e3d1.

  • LOW
  • NETWORK
  • LOW
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • NONE

CWE-117 - Improper Output Neutralization for Logs

The software does not neutralize or incorrectly neutralizes output that is written to logs.
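As an added defensive example (not code from the gorouter project or its fix), the following Go snippet shows the two checks the summary and the CWE-117 description call for: refusing to let a client's Connection header mark tracing headers as hop-by-hop, and validating a B3 trace or span ID before it is written to a log line. The function names `hopByHopNames` and `safeB3ID`, the deny-list and the placeholder string are assumptions for illustration.

```go
package main

import (
	"net/http"
	"regexp"
	"strings"
)

// A B3 trace ID is 16 or 32 lowercase hex characters and a span ID is 16.
// Values that do not match (including anything carrying newlines or other
// control characters) are never written to the log verbatim.
var b3IDRe = regexp.MustCompile(`^[0-9a-f]{16}(?:[0-9a-f]{16})?$`)

// Tracing headers a client must not be allowed to declare hop-by-hop through
// its own Connection header (hypothetical deny-list, not gorouter's code).
var protectedFromConnection = map[string]bool{
	"b3": true, "x-b3-traceid": true, "x-b3-spanid": true,
}

// hopByHopNames returns the lower-cased header names a client's Connection
// header asks the proxy to strip, minus the protected tracing headers, so a
// client cannot make the proxy discard the IDs it will later log.
func hopByHopNames(h http.Header) []string {
	var names []string
	for _, v := range h.Values("Connection") {
		for _, name := range strings.Split(v, ",") {
			name = strings.ToLower(strings.TrimSpace(name))
			if name == "" || protectedFromConnection[name] {
				continue
			}
			names = append(names, name)
		}
	}
	return names
}

// safeB3ID returns the value that may be written to a log line for a trace or
// span ID: the input if it is well-formed, otherwise the fixed placeholder
// "<invalid>", so a forged or malformed value cannot alter the log record.
func safeB3ID(v string) string {
	if b3IDRe.MatchString(v) {
		return v
	}
	return "<invalid>"
}
```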

Advisory Timeline

  • Published