Lucene search
+L

439 matches found

EUVD
EUVD
added 2026/07/09 6:7 a.m.7 views

EUVD-2026-42514

During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network...

8.9CVSS7.1AI score0.00148EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/09 6:7 a.m.37 views

CVE-2026-47828 Missing TLS Certificate Verification in BOSH CLI Allows Root Code Execution via Man-in-the-Middle Credential Replay

During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network...

8.9CVSS0.00148EPSS
Exploits0References1
CVE
CVE
added 2026/07/09 6:7 a.m.17 views

CVE-2026-47828

The CVE affects bosh-cli versions prior to 7.10.4. During bosh create-env/delete-env, the CLI uploads CPI packages and rendered job templates to the VM’s DAV blobstore over HTTPS without verifying the server certificate, despite a CA certificate being present in the manifest. This enables a netwo...

8.9CVSS7.1AI score0.00148EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/09 6:7 a.m.9 views

CVE-2026-47828

During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network...

8.9CVSS7.1AI score0.00148EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/09 5:45 a.m.37 views

CVE-2026-47826 blobs.yaml Path Traversal Allows File Writes

The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4...

8.8CVSS0.00337EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/09 5:45 a.m.6 views

EUVD-2026-42507

The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4...

8.8CVSS7.3AI score0.00337EPSS
Exploits0References1
CVE
CVE
added 2026/07/09 5:45 a.m.15 views

CVE-2026-47826

CVE-2026-47826 is a directory traversal vulnerability in the BOSH CLI (blobs.yaml path). Affected are BOSH CLI versions before v7.10.4; exploitation can allow an attacker to write arbitrary files and exfiltrate sensitive data via crafted input in blobs.yaml. Connected advisories from Snyk describ...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/09 4:31 a.m.10 views

CVE-2026-41857

A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator runs bosh ssh or bosh scp/bosh logs -f with default flags. Affected versions: BOSH CLI versions prior to 7.10.5...

7.8CVSS7.3AI score0.00148EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/09 4:31 a.m.32 views

CVE-2026-41857 BOSH CLI Shell Injection

A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator runs bosh ssh or bosh scp/bosh logs -f with default flags. Affected versions: BOSH CLI versions prior to 7.10.5...

7.8CVSS0.00148EPSS
Exploits0References1
CVE
CVE
added 2026/07/09 4:31 a.m.13 views

CVE-2026-41857

CVE-2026-41857 affects BOSH CLI prior to 7.10.5. A compromised (malicious) BOSH Director can cause arbitrary shell commands to run on the operator’s workstation when using bosh ssh, bosh scp, or bosh logs -f with default flags. Impact is high (confidentiality, integrity, availability). Mitigation...

7.8CVSS7.3AI score0.00148EPSS
Exploits0References1Affected Software1
Cloud Foundry
Cloud Foundry
added 2026/07/08 12:0 a.m.8 views

CVE-2026-47826 - blobs.yaml Path Traversal Allows File Writes | Cloud Foundry

HIGH CVSSv4: High 8.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVSSv3: High 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Vendor CloudFoundry Foundation Versions Affected Severity is HIGH unless otherwise noted. BOSH CLI tool – All versions prior to v7.10.4 Description T...

9.1CVSS6AI score0.00337EPSS
Exploits0
Cloud Foundry
Cloud Foundry
added 2026/07/08 12:0 a.m.4 views

CVE-2026-47828 - Missing TLS Certificate Verification in BOSH CLI Allows Root Code Execution via Man-in-the-Middle Credential Replay | Cloud Foundry

CVSS Score: High 8.9 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSSv3: High 7.1 CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Vendor BOSH-Ecosystem / BOSH bosh-cli Versions Affected Severity is High unless otherwise noted. bosh-cli – All versions prior to v7.10.4 Description...

8.9CVSS6AI score0.00148EPSS
Exploits0
Cloud Foundry
Cloud Foundry
added 2026/07/08 12:0 a.m.7 views

CVE-2026-41857 - BOSH CLI Shell Injection | Cloud Foundry

High ● CVSSv4: High 7.1CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N ● CVSSv3: High 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Vendor CloudFoundry BOSH Versions Affected Severity is High unless otherwise noted. BOSH CLI – All versions prior to 7.10.5 inclusive Description ...

7.8CVSS6.2AI score0.00148EPSS
Exploits0
Cloud Foundry
Cloud Foundry
added 2026/07/08 12:0 a.m.6 views

CVE-2026-47831 - Cryptographically Weak Password Generation in bosh-windows-stemcell-builder Allows Remote SSH Brute-Force Attacks | Cloud Foundry

High CVSSv4: High 7.7 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSSv3: High 7.5 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Vendor Cloud Foundry Foundation Versions Affected Severity is High unless otherwise noted. bosh-windows-stemcell-builder – All versions prior to...

7.7CVSS6AI score0.00191EPSS
Exploits0
Cloud Foundry
Cloud Foundry
added 2026/07/08 12:0 a.m.7 views

CVE-2026-47829 - Argument Injection in BOSH CLI Allows Local Command Execution on Operator Workstations via Compromised Director | Cloud Foundry

High CVSSv4: High 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSSv3: High 8.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Vendor CloudFoundry Foundation Versions Affected Severity is High unless otherwise noted. bosh-cli – All versions prior to v7.10.4 Description Argume...

8.3CVSS6.2AI score0.00225EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.13 views

CVE-2026-41860

CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelpercreateasyncendpoint and sendhttpgetrequestsynchronous hard-code OpenSSL::SSL::VERIFYNONE, enabling an attacker to intercept traffic between bosh-monitor and the BOSH...

8.8CVSS5.4AI score0.00074EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.14 views

CVE-2026-41859

A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials Basic auth header or UAA client secret and can tamper with the VM list that is written into the NATS authorization file. Stolen credentials grant administrative director access...

7.8CVSS5.5AI score0.00098EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.12 views

CVE-2026-41011

PackagePersister.validatetgz builds "tar -tf tgz 2&1" where tgz = File.joinreleasedir, 'packages', "name.tgz" and name = packagemeta'name' comes directly from release.MF inside the uploaded tarball. The string is passed to Bosh::Common::Exec.sh, which executes via %x — i.e., /bin/sh -c. No...

8.7CVSS5.5AI score0.00116EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.12 views

CVE-2026-41010

ReleaseJobunpack builds jobdir = File.join@releasedir, 'jobs', name and jobtgz = File.join@releasedir, 'jobs', "name.tgz" where name returns @jobmeta'name', a value taken verbatim from the jobs: array of the attacker-supplied release.MF inside the uploaded tarball. These paths are then interpolat...

8.7CVSS5.7AI score0.00122EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 4:17 a.m.17 views

CVE-2026-41010

ReleaseJobunpack builds jobdir = File.join@releasedir, 'jobs', name and jobtgz = File.join@releasedir, 'jobs', "name.tgz" where name returns @jobmeta'name', a value taken verbatim from the jobs: array of the attacker-supplied release.MF inside the uploaded tarball. These paths are then interpolat...

8.7CVSS0.00122EPSS
Exploits0References1
Rows per page
Query Builder