Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of Service(DoS) vulnerability allowing unauthenticated attackers to cause denial of service by using REST HTTP requests with label_selectors on multiple V3 endpoints by generating an enormous SQL query.
References
Link | Resource |
---|---|
https://www.cloudfoundry.org/blog/cve-2021-22101-cloud-controller-is-vulnerable-to-unauthenticated-denial-of-service/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: vmware
Published: 2021-10-27T14:18:07
Updated: 2021-10-27T14:18:07
Reserved: 2021-01-04T00:00:00
Link: CVE-2021-22101
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-10-27T15:15:07.597
Modified: 2021-10-29T01:46:23.050
Link: CVE-2021-22101
JSON object: View
Redhat Information
No data.
CWE