An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a URL matching an existing GUID.
[
{
"product": "Cloud Foundry",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "BOSH stemcell versions prior to 3232.6 and 3146.13"
}
]
}
]