CVE-2023-34041

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-34041
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-34041.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-34041
Published
2023-09-08T08:15:07.493Z
Modified
2026-02-14T00:57:50.186590Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations.

References

Affected packages

Git / github.com/cloudfoundry/cf-deployment

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry/cf-deployment
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
4a5d79d5298af90a447042f8a1abc7b6242e5693

Affected versions

v0.*
v0.0.0
v0.0.1
v0.0.2
v0.1.0
v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16.0
v0.17.0
v0.18.0
v0.19.0
v0.2.0
v0.2.1
v0.2.2
v0.20.0
v0.21.0
v0.22.0
v0.23.0
v0.24.0
v0.25.0
v0.26.0
v0.27.0
v0.28.0
v0.29.0
v0.3.0
v0.30.0
v0.31.0
v0.32.0
v0.32.1
v0.33.0
v0.34.0
v0.35.0
v0.36.0
v0.37.0
v0.4.0
v0.5.0
v0.7.0
v0.8.0
v0.9.0
v0.9.1
v1.*
v1.0.0
v1.1.0
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.17.0
v1.18.0
v1.19.0
v1.2.0
v1.20.0
v1.21.0
v1.22.0
v1.23.0
v1.24.0
v1.25.0
v1.26.0
v1.27.0
v1.28.0
v1.29.0
v1.3.0
v1.3.1
v1.30.0
v1.31.0
v1.32.0
v1.33.0
v1.34.0
v1.35.0
v1.36.0
v1.37.0
v1.38.0
v1.39.0
v1.4.0
v1.40.0
v1.5.0
v1.6.0
v1.7.0
v1.8.0
v1.9.0
v10.*
v10.0.0
v10.1.0
v11.*
v11.0.0
v11.1.0
v11.2.0
v12.*
v12.0.0
v12.1.0
v12.10.0
v12.11.0
v12.12.0
v12.13.0
v12.14.0
v12.15.0
v12.16.0
v12.17.0
v12.18.0
v12.19.0
v12.2.0
v12.20.0
v12.21.0
v12.22.0
v12.23.0
v12.24.0
v12.25.0
v12.26.0
v12.27.0
v12.28.0
v12.29.0
v12.3.0
v12.30.0
v12.31.0
v12.32.0
v12.33.0
v12.34.0
v12.35.0
v12.36.0
v12.37.0
v12.38.0
v12.39.0
v12.4.0
v12.40.0
v12.41.0
v12.42.0
v12.43.0
v12.44.0
v12.45.0
v12.5.0
v12.6.0
v12.7.0
v12.8.0
v12.9.0
v13.*
v13.0.0
v13.1.0
v13.10.0
v13.11.0
v13.12.0
v13.13.0
v13.14.0
v13.15.0
v13.16.0
v13.17.0
v13.18.0
v13.19.0
v13.2.0
v13.20.0
v13.21.0
v13.22.0
v13.23.0
v13.3.0
v13.4.0
v13.5.0
v13.6.0
v13.7.0
v13.8.0
v13.9.0
v14.*
v14.0.0
v15.*
v15.0.0
v15.1.0
v15.2.0
v15.3.0
v15.4.0
v15.5.0
v15.6.0
v15.7.0
v16.*
v16.0.0
v16.1.0
v16.10.0
v16.11.0
v16.12.0
v16.13.0
v16.14.0
v16.15.0
v16.16.0
v16.17.0
v16.18.0
v16.19.0
v16.2.0
v16.20.0
v16.21.0
v16.22.0
v16.23.0
v16.24.0
v16.25.0
v16.3.0
v16.4.0
v16.5.0
v16.6.0
v16.7.0
v16.8.0
v16.9.0
v17.*
v17.0.0
v17.1.0
v18.*
v18.0.0
v19.*
v19.0.0
v2.*
v2.0.0
v2.1.0
v2.2.0
v2.3.0
v2.4.0
v2.5.0
v2.6.0
v2.7.0
v2.8.0
v2.9.0
v20.*
v20.0.0
v20.1.0
v20.2.0
v20.3.0
v20.4.0
v21.*
v21.0.0
v21.1.0
v21.10.0
v21.11.0
v21.2.0
v21.3.0
v21.4.0
v21.5.0
v21.6.0
v21.7.0
v21.8.0
v21.9.0
v22.*
v22.0.0
v22.1.0
v22.2.0
v23.*
v23.0.0
v23.1.0
v23.2.0
v23.3.0
v23.4.0
v23.5.0
v24.*
v24.0.0
v24.1.0
v24.2.0
v24.3.0
v24.4.0
v24.6.0
v24.7.0
v25.*
v25.0.0
v25.1.0
v26.*
v26.0.0
v26.1.0
v26.2.0
v26.3.0
v26.4.0
v26.5.0
v26.6.0
v26.7.0
v27.*
v27.0.0
v27.1.0
v27.2.0
v27.3.0
v27.4.0
v27.5.0
v27.6.0
v27.7.0
v27.8.0
v28.*
v28.0.0
v28.1.0
v28.2.0
v29.*
v29.0.0
v29.1.0
v3.*
v3.0.0
v3.1.0
v3.2.0
v3.3.0
v3.4.0
v3.5.0
v3.6.0
v30.*
v30.0.0
v30.1.0
v30.10.0
v30.2.0
v30.3.0
v30.4.0
v30.5.0
v30.6.0
v30.7.0
v30.8.0
v30.9.0
v31.*
v31.0.0
v31.1.0
v31.2.0
v31.3.0
v31.4.0
v31.5.0
v31.6.0
v32.*
v32.0.0
v32.1.0
v32.2.0
v32.3.0
v4.*
v4.0.0
v4.1.0
v4.2.0
v4.3.0
v4.4.0
v4.5.0
v5.*
v5.0.0
v5.1.0
v5.2.0
v5.3.0
v5.4.0
v5.5.0
v6.*
v6.0.0
v6.1.0
v6.10.0
v6.2.0
v6.3.0
v6.4.0
v6.5.0
v6.6.0
v6.7.0
v6.8.0
v6.9.0
v7.*
v7.0.0
v7.1.0
v7.10.0
v7.11.0
v7.2.0
v7.3.0
v7.4.0
v7.5.0
v7.6.0
v7.8.0
v7.9.0
v8.*
v8.0.0
v8.1.0
v9.*
v9.0.0
v9.1.0
v9.2.0
v9.3.0
v9.4.0
v9.5.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-34041.json"