Cloud Foundry (cloudfoundry), CFOUNDRY:F64A880F696DB3DA8BC133B954F02672
History: Jul 06, 2015 - 12:00 a.m.

CVE-2015-1330 Unattended-Upgrades Vulnerability | Cloud Foundry

2015-07-06 00:00:00
Cloud Foundry
www.cloudfoundry.org

CVSS2: 6.8 Medium

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.002 Low (Percentile: 51.4%)

CVE-2015-1330 Unattended-Upgrades Vulnerability

Medium

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 14.04 LTS

Description

It was found that for some configurations, unattended-upgrades would not properly perform authentication checks on packages prior to installation. An attacker could thus trick unattended-upgrades into installing altered packages.

Affected Products and Versions

Severity is medium unless otherwise noted.

  • Any Cloud Foundry deployment with Ubuntu Trusty BOSH stemcells 3003 and prior.

Mitigation

Users of affected versions should apply the following mitigation:

  • BOSH stemcell 3004 contains the patched version of unattended-upgrades that resolves CVE-2015-1330. The Cloud Foundry team recommends upgrading to BOSH stemcell 3004 or higher to address this concern.

Credit

Canonical Ubuntu
