Cloud FoundryCFOUNDRY:323B54802B4E560DE9959FFB9358F151CVE-2016-0761 Docker Image Host Files Corruption | Cloud Foundry
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
64.7%
CVE-2016-0761 Docker Image Host Files Corruption
Critical
Vendor
Cloud Foundry Foundation
Description
Garden linux contains a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host.
Affected Products and Versions
- All Cloud Foundry Garden-Linux versions prior to and including v0.332.0.
Mitigation
Users of affected versions should apply the following mitigation:
- The Cloud Foundry Foundation recommends that all deployments of Garden-Linux are upgraded to v0.333.0
Credit
Swisscom / SEC Consult
References
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
64.7%