Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 do not validate DiffIDs, allowing specially crafted images to poison the grootfs volume cache. This could allow an attacker to provide an image layer that GrootFS would consider to be the Ubuntu base layer.
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
NVD | CVE-2017-14388 | 13 Nov 2017 17:29 | – | nvd |
OSV | CVE-2017-14388 | 13 Nov 2017 17:29 | – | osv |
Prion | Design/Logic Flaw | 13 Nov 2017 17:29 | – | prion |
Cloud Foundry | CVE-2017-14388: GrootFS doesn't validate DiffIDs \| Cloud Foundry | 9 Nov 2017 00:00 | – | cloudfoundry |
CVE | CVE-2017-14388 | 13 Nov 2017 17:29 | – | cve |
[
{
"product": "GrootFS release GrootFS release 0.3.x versions prior to 0.30.0",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "GrootFS release GrootFS release 0.3.x versions prior to 0.30.0"
}
]
}
]
Source | Link |
---|---|
cloudfoundry | www.cloudfoundry.org/cve-2017-14388/ |