4 matches found
EUVD-2026-42515
Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non-interactive SSH paths, leading to local command execution on the operator's workstation. Affecte...
CVE-2026-47829
CVE-2026-47829 describes an argument injection flaw in bosh-cli that lets a compromised BOSH Director inject arbitrary OpenSSH options into the locally-spawned ssh process when operators run non-interactive SSH paths (e.g., bosh ssh -c, bosh logs -f). This can lead to local command execution on t...
CVE-2026-41857
CVE-2026-41857 affects BOSH CLI prior to 7.10.5. A compromised (malicious) BOSH Director can cause arbitrary shell commands to run on the operator’s workstation when using bosh ssh, bosh scp, or bosh logs -f with default flags. Impact is high (confidentiality, integrity, availability). Mitigation...
CVE-2026-47829 - Argument Injection in BOSH CLI Allows Local Command Execution on Operator Workstations via Compromised Director | Cloud Foundry
High CVSSv4: High 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSSv3: High 8.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Vendor CloudFoundry Foundation Versions Affected Severity is High unless otherwise noted. bosh-cli – All versions prior to v7.10.4 Description Argume...