2 matches found
CVE-2017-4964
CVE-2017-4964 concerns the Cloud Foundry Foundation BOSH Azure CPI Release v22. The vulnerability enables a maliciously crafted stemcell to execute arbitrary code on VMs created by the BOSH Director, due to a CPI code injection weakness in the Azure CPI v22. Reported impact is elevated, with loca...
CVE-2017-4964: BOSH Azure CPI code injection vulnerability | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Versions Affected BOSH Azure CPI Release v22 Description The BOSH Azure CPI could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director. Mitigation OSS users are strongly encouraged to follow the...