Improper Output Neutralization for Logs
CVE-2023-34041
Summary
Cloud Foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP hop-by-hop headers. An unauthenticated attacker can use this vulnerability with headers such as "B3" or "X-B3-SpanID" to affect the identification value recorded in the logs in foundations. This vulnerability also affects github.com/cloudfoundry/gorouter package versions prior to v0.0.0-20230727205201-b820e884e3d1.
- LOW
- NETWORK
- LOW
- UNCHANGED
- NONE
- NONE
- NONE
- NONE
CWE-117 - Improper Output Neutralization for Logs
The software does not neutralize or incorrectly neutralizes output that is written to logs.
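A defensive check for the header abuse described in the Summary, as an added example (not gorouter's code and not the project's actual fix). It assumes the standard HTTP rule that a proxy drops any header named in the client's `Connection` header; `protectedHeaders`, `connectionTokens` and `SanitizeConnection` are hypothetical names.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// protectedHeaders: tracing headers named in the advisory that a client must
// not be able to declare hop-by-hop (assumed list, extend as needed).
var protectedHeaders = []string{"B3", "X-B3-SpanID"}

// connectionTokens returns every header name listed across all Connection
// header lines, canonicalized so comparison is case-insensitive.
func connectionTokens(h http.Header) []string {
	var out []string
	for _, line := range h.Values("Connection") {
		for _, tok := range strings.Split(line, ",") {
			if tok = strings.TrimSpace(tok); tok != "" {
				out = append(out, http.CanonicalHeaderKey(tok))
			}
		}
	}
	return out
}

// SanitizeConnection drops protected names from the Connection header before
// hop-by-hop processing and returns them so the caller can log or alert.
func SanitizeConnection(h http.Header) (removed []string) {
	protected := map[string]bool{}
	for _, p := range protectedHeaders {
		protected[http.CanonicalHeaderKey(p)] = true
	}
	var keep []string
	for _, tok := range connectionTokens(h) {
		if protected[tok] {
			removed = append(removed, tok)
		} else {
			keep = append(keep, tok)
		}
	}
	h.Del("Connection")
	if len(keep) > 0 {
		h.Set("Connection", strings.Join(keep, ", "))
	}
	return removed
}

func main() {
	h := http.Header{} // constructed sample request headers
	h.Add("Connection", "keep-alive, x-b3-spanid")
	h.Set("X-B3-SpanId", "constructed-span-id")
	fmt.Println(SanitizeConnection(h), h.Get("Connection"))
}
```

A non-empty return value is itself a useful detection signal, since legitimate clients have no reason to list tracing headers in `Connection`.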
Advisory Timeline
- Published