Critical
Cloud Foundry Foundation
Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. An authenticated malicious user can predict the location of application blobs and leverage path traversal to create a malicious application that has the ability to overwrite arbitrary files on the Cloud Controller instance.
Users of affected versions should apply the following mitigations or upgrades:
This issue was responsibly reported by the GE Digital Security Team**.**
2018-03-26: Clarified issue description
2018-03-26: Initial vulnerability report published.