Bug 1227331 (CVE-2024-37082) - VUL-0: CVE-2024-37082: haproxy: bypass of mTLS authentication to applications hosted on Cloud Foundry.
Status: RESOLVED INVALID
Alias: CVE-2024-37082
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Assignee: Shapbot Shapbotson
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/412764/
Reported: 2024-07-03 09:24 UTC by SMASH SMASH
Modified: 2024-07-03 09:24 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description SMASH SMASH 2024-07-03 09:24:10 UTC
Security check loophole in HAProxy release (in combination with routing release) in Cloud Foundry prior to v40.17.0 potentially allows bypass of mTLS authentication to applications hosted on Cloud Foundry.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-37082
https://www.cve.org/CVERecord?id=CVE-2024-37082
https://www.cloudfoundry.org/blog/cve-2024-37082-mtls-bypass/
Comment 1 Robert Frohl 2024-07-03 09:24:30 UTC
not relevant for us, closing