From bleepingcomputer.com
Cloudflare’s Firewall and DDoS prevention can be bypassed through a specific attack process that leverages logic flaws in cross-tenant security controls.
This bypass could put Cloudflare’s customers under a heavy burden, rendering the protection systems of the internet firm less effective.
To make matters worse, the only requirement for the attack is for the hackers to create a free Cloudflare account, which is used as part of the attack.
However, it should be noted that the attackers must know a targeted web server’s IP address to abuse these flaws.