Lucene search
Cloud FoundryCFOUNDRY:911E091275E9F6D220CF82BAF34E9904HistoryMar 26, 2018 - 12:00 a.m.
CVE-2018-1266: Cloud Controller file modification via malicious application | Cloud Foundry
2018-03-2600:00:00
Cloud Foundry
www.cloudfoundry.org
42
0.001 Low
EPSS
Percentile
38.8%
Severity
Critical
Vendor
Cloud Foundry Foundation
Affected Cloud Foundry Products and Versions
- You are using Cloud Controller version prior to 1.52.0
- You are using cf-deployment version prior to 1.21.0
Description
Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. An authenticated malicious user can predict the location of application blobs and leverage path traversal to create a malicious application that has the ability to overwrite arbitrary files on the Cloud Controller instance.
Mitigation
Users of affected versions should apply the following mitigations or upgrades:
- Releases that have fixed this issue include:
- Cloud Controller 1.52.0
- cf-deployment 1.21.0
Credit
This issue was responsibly reported by the GE Digital Security Team**.**
History
2018-03-26: Clarified issue description
2018-03-26: Initial vulnerability report published.
Related
ibm
ibm
cvelist
cvelist
CVE-2018-1266
2018-03-26 00:00:00
nvd
nvd
CVE-2018-1266
2018-03-27 16:29:00
cve
cve
CVE-2018-1266
2018-03-27 16:29:00
prion
prion
Path traversal
2018-03-27 16:29:00
osv
osv
CVE-2018-1266
2018-03-27 16:29:00