cvedb.io
CVE-2022-31733
CRITICAL · CVSS 9.1
EPSS exploitation probability: 0%
Published 2023-02-03T19:15:11.107 · Last modified 2026-06-17T04:46:09.940

Summary

Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, apps are accessible via another port on diego cells, allowing application ingress without a client certificate. If mTLS route integrity is enabled AND unproxied ports are turned off, then an attacker could connect to an application that should be only reachable via mTLS, without presenting a client certificate.

Affected products

cloudfoundry — cf-deployment

Does this affect you?

Add your gear to cvedb and we'll alert you only when cloudfoundry ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.