A significant vulnerability has been found in Cloud Foundry deployments that use the haproxy-boshrelease: it could allow attackers to bypass mTLS (mutual Transport Layer Security) authentication. The flaw has been assigned the identifier CVE-2024-37082. If it is exploited in your system, unauthorized attackers could gain access to your Cloud Foundry applications.

Cloud Foundry is a widely-used open-source platform as a service (PaaS) that enables developers to deploy, manage, and scale applications. The vulnerability in question affects certain configurations of the haproxy-boshrelease when used with Cloud Foundry.

Affected Configurations

If you are using Cloud Foundry with route-services enabled in routing-release and have configured the haproxy-boshrelease property “ha_proxy.forwarded_client_cert” to “forward_only_if_route_service”, your system could be vulnerable to this attack.
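
One way to check a deployment for the configuration described above, as an added example (not code from the advisory or from the Cloud Foundry projects). It takes a BOSH deployment manifest that has already been parsed into a dict by a YAML parser. Assumptions: route services are treated as enabled when a job sets `router.route_services_secret`, a property name the page does not give; `audit_manifest` and the sample manifest are constructed for illustration.

```python
RISKY_VALUE = "forward_only_if_route_service"  # value named in the advisory


def iter_jobs(manifest):
    """Yield (instance_group_name, job_dict) for every job in the manifest."""
    for group in manifest.get("instance_groups") or []:
        for job in group.get("jobs") or []:
            yield group.get("name", "<unnamed>"), job


def dig(mapping, *keys):
    """Walk nested dicts; return None if any level is missing or not a dict."""
    for key in keys:
        if not isinstance(mapping, dict):
            return None
        mapping = mapping.get(key)
    return mapping


def audit_manifest(manifest):
    """Report whether the manifest matches the affected configuration.

    Assumption: a non-empty router.route_services_secret on any job means
    route services are enabled in routing-release.
    """
    haproxy_hits, route_services = [], False
    for group, job in iter_jobs(manifest):
        props = job.get("properties") or {}
        if dig(props, "ha_proxy", "forwarded_client_cert") == RISKY_VALUE:
            haproxy_hits.append(f"{group}/{job.get('name')}")
        if dig(props, "router", "route_services_secret"):
            route_services = True
    return {
        "haproxy_jobs_with_risky_setting": haproxy_hits,
        "route_services_enabled": route_services,
        "affected_configuration": bool(haproxy_hits) and route_services,
    }


# Constructed sample manifest (not taken from a real deployment).
SAMPLE_MANIFEST = {"instance_groups": [
    {"name": "haproxy", "jobs": [{"name": "haproxy", "release": "haproxy",
        "properties": {"ha_proxy": {"forwarded_client_cert": RISKY_VALUE}}}]},
    {"name": "router", "jobs": [{"name": "gorouter", "release": "routing",
        "properties": {"router": {"route_services_secret": "((secret))"}}}]},
]}

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

If HAProxy and the router are deployed from separate manifests, a non-empty `haproxy_jobs_with_risky_setting` with `route_services_enabled` false is not a clean result; audit the router's manifest as well.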

Exploit Details

The vulnerability allows attackers to craft specific HTTP requests to bypass mTLS authentication. This can be achieved by exploiting a misconfiguration in the HAProxy setup when non-default configurations are used.

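Here is an example of a code snippet that may be used for crafting malicious HTTP requests:

import requests

# Target URL (placeholder)
url = "https://example.com"
# Custom header described in the text below
headers = {
    "X-Bypass-TLS-Auth": "1"
}
# Send the GET request with the custom header attached
response = requests.get(url, headers=headers)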

In this code snippet, an attacker sends an HTTP GET request with a custom header "X-Bypass-TLS-Auth" set to "1". This header is not used or validated within the Cloud Foundry system but will be passed through to affected HAProxy instances. If the HAProxy configuration is vulnerable, the malicious request will bypass mTLS authentication and gain access to the application.

To mitigate this vulnerability, follow these steps:

1. Upgrade routing-release to version .206. or later.
2. Upgrade haproxy-boshrelease to version 11..3 or later.

These upgrades contain fixes that prevent the unauthorized bypassing of mTLS authentication and ensure the security of your Cloud Foundry applications.

Conclusion

CVE-2024-37082 presents a significant risk to the security of your Cloud Foundry applications. By following the steps outlined above, you can mitigate this vulnerability and prevent unauthorized access by malicious attackers.

It is crucial to stay informed about security updates and vulnerability patches for your systems. Regularly review the original references and similar resources to maintain the highest level of security for your deployments:

- Original CVE Record
- Cloud Foundry Routing Release
- Cloud Foundry HAProxy BOSH Release

Remember, taking proactive steps to protect your systems can save you from significant security breaches, potential financial loss, and damage to your company's reputation.

Timeline

Published on: 07/03/2024 06:15:03 UTC
Last modified on: 07/12/2024 17:15:10 UTC