Pivotal Software Cloud Foundry Elastic Runtime 1.6.33 Bypass a restriction or similar Vulnerability
21 Dec. 2016
Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address.
As of PCF Elastic Runtime 1.3.0, application containers have a block-by-default network access policy. To enable network access to application containers, PCF Elastic Runtime 1.3.0 introduced a feature called Application Security Groups (ASGs). ASGs are sets of protocols, destinations, and ports an application container may access.
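One way to check an ASG rule set for the exposure described above, as an added example that is not Pivotal's code. It assumes the Cloud Foundry ASG JSON rule format (`protocol`, `destination`, `ports`, where a destination is a single IP, a CIDR block, or a `start-end` range); the function names and the sample rule sets are constructed for illustration.

```python
import ipaddress
import json

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
METADATA_IP = ipaddress.ip_address("169.254.169.254")

def destination_networks(dest):
    """Expand an ASG destination (IP, CIDR, or 'start-end' range) into networks."""
    dest = dest.strip()
    if "-" in dest:
        start, end = (ipaddress.ip_address(p.strip()) for p in dest.split("-", 1))
        return list(ipaddress.summarize_address_range(start, end))
    # A bare IP becomes a /32; strict=False tolerates host bits in a CIDR.
    return [ipaddress.ip_network(dest, strict=False)]

def audit_asg(rules_json):
    """Return one finding per rule that permits egress into 169.254.0.0/16."""
    findings = []
    for index, rule in enumerate(json.loads(rules_json)):
        nets = destination_networks(rule["destination"])
        if not any(net.overlaps(LINK_LOCAL) for net in nets):
            continue
        findings.append({
            "rule": index,
            "destination": rule["destination"],
            "protocol": rule.get("protocol"),
            "ports": rule.get("ports", "any"),  # icmp/all rules carry no ports
            "reaches_metadata": any(METADATA_IP in net for net in nets),
        })
    return findings

# Constructed sample: a wide-open rule set that also covers the link-local block.
WIDE_OPEN = '[{"protocol": "all", "destination": "0.0.0.0-255.255.255.255"}]'
# Constructed sample: the same reach with 169.254.0.0/16 carved out.
LINK_LOCAL_EXCLUDED = """[
  {"protocol": "all", "destination": "0.0.0.0-169.253.255.255"},
  {"protocol": "all", "destination": "169.255.0.0-255.255.255.255"}
]"""
# Constructed sample: touches link-local space but not 169.254.169.254 itself.
PARTIAL = '[{"protocol": "tcp", "destination": "169.254.0.0/24", "ports": "80"}]'

if __name__ == "__main__":
    for name, rules in [("wide_open", WIDE_OPEN),
                        ("link_local_excluded", LINK_LOCAL_EXCLUDED),
                        ("partial", PARTIAL)]:
        print(name, audit_asg(rules))
```

The `reaches_metadata` flag separates rules that merely overlap the link-local range from those that actually permit traffic to 169.254.169.254.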