Remote Code Execution (RCE)

BOSH Backup and Restore is vulnerable to remote code execution RCE. A remotely authenticated user is able to request extra backup files in a backup and restore job by modifying the metadata file, resulting in possible execution of arbitrary code...

CVE-2019-3786: BBR could run arbitrary scripts on deployment VMs | Cloud Foundry

Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions BOSH Backup and Restore All versions prior to v1.5.0 Description Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote...