Lucene search
K

7 matches found

EUVD
EUVD
added 1 hour ago4 views

EUVD-2026-42514

During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network...

8.9CVSS7.1AI score
Exploits0References2
EUVD
EUVD
added 1 hour ago4 views

EUVD-2026-42515

Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non-interactive SSH paths, leading to local command execution on the operator's workstation. Affecte...

8.3CVSS7.4AI score
Exploits0References2
CVE
CVE
added 5 hours ago10 views

CVE-2026-47828

The CVE affects bosh-cli versions prior to 7.10.4. During bosh create-env/delete-env, the CLI uploads CPI packages and rendered job templates to the VM’s DAV blobstore over HTTPS without verifying the server certificate, despite a CA certificate being present in the manifest. This enables a netwo...

8.9CVSS7.1AI score
Exploits0References1
CVE
CVE
added 5 hours ago10 views

CVE-2026-47826

The CVE-2026-47826 issue affects the BOSH CLI tool, specifically a blobs.yml path traversal flaw that enables an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions are all prior to v7.10.4. The vulnerability stems from how blobs.yml paths are resolved, enabl...

8.8CVSS7.3AI score
Exploits0References1
CVE
CVE
added 6 hours ago10 views

CVE-2026-41857

CVE-2026-41857 affects BOSH CLI prior to 7.10.5. A compromised (malicious) BOSH Director can cause arbitrary shell commands to run on the operator’s workstation when using bosh ssh, bosh scp, or bosh logs -f with default flags. Impact is high (confidentiality, integrity, availability). Mitigation...

7.8CVSS7.3AI score
Exploits0References1
Cloud Foundry
Cloud Foundry
added yesterday3 views

CVE-2026-47829 - Argument Injection in BOSH CLI Allows Local Command Execution on Operator Workstations via Compromised Director | Cloud Foundry

High CVSSv4: High 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSSv3: High 8.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Vendor CloudFoundry Foundation Versions Affected Severity is High unless otherwise noted. bosh-cli – All versions prior to v7.10.4 Description Argume...

8.3CVSS6.2AI score
Exploits0
CNVD
CNVD
added 2018/03/29 12:0 a.m.4 views

Cloud Foundry BOSH CLI Access Control Error Vulnerability

Cloud Foundry CF is a set of open source Platform-as-a-Service PaaS cloud computing platforms from the U.S.-based Cloud Foundry Foundation, which provides container scheduling, continuous delivery, and automated service deployment.BOSH CLI is one of the command-line tools. An access control error...

8.8CVSS6.7AI score0.01003EPSS
Exploits0References1
Rows per page
Query Builder