13 matches found
CVE-2026-47829
CVE-2026-47829 describes an argument injection flaw in bosh-cli that lets a compromised BOSH Director inject arbitrary OpenSSH options into the locally-spawned ssh process when operators run non-interactive SSH paths (e.g., bosh ssh -c, bosh logs -f). This can lead to local command execution on t...
CVE-2026-47826 - blobs.yaml Path Traversal Allows File Writes | Cloud Foundry
HIGH CVSSv4: High 8.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVSSv3: High 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Vendor CloudFoundry Foundation Versions Affected Severity is HIGH unless otherwise noted. BOSH CLI tool – All versions prior to v7.10.4 Description T...
CVE-2026-47828 - Missing TLS Certificate Verification in BOSH CLI Allows Root Code Execution via Man-in-the-Middle Credential Replay | Cloud Foundry
CVSS Score: High 8.9 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSSv3: High 7.1 CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Vendor BOSH-Ecosystem / BOSH bosh-cli Versions Affected Severity is High unless otherwise noted. bosh-cli – All versions prior to v7.10.4 Description...
EUVD-2018-11864
Malware in sbrugna...
Malicious code in bosh-cli_plugin_redis (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in bosh-cli_plugin_consul (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious Package
Overview bosh-clipluginconsul is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...
Malicious Package
Overview bosh-clipluginredis is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...
Incorrect Access Controls
github.com/cloudfoundry/bosh-cli uses incorrect access controls. If a user has access to an instance, they can use the contents of the BOSH CLI configuration file to perform authenticated requests to BOSH...
CVE-2018-1231
Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. A user with access to an instance using the BOSH CLI can access the BOSH CLI configuration file and use its contents to perform authenticated requests to BOSH...
CVE-2018-1231
CVE-2018-1231 affects Cloud Foundry BOSH CLI prior to v3.0.1. The issue is improper access control: a user with access to an instance can read the BOSH CLI configuration file and use its contents to perform authenticated requests to BOSH. Impact is described in sources as enabling authenticated a...
CVE-2018-1231
Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. A user with access to an instance using the BOSH CLI can access the BOSH CLI configuration file and use its contents to perform authenticated requests to BOSH...
CVE-2018-1231: BOSH CLI does not restrict access to configuration file | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using BOSH CLI version prior to v3.0.1 Description Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. A user with access to an instance using the...