3 matches found
CVE-2019-3786
Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of a Bosh Backup and Restore job to request extra backup files from different jobs upon restore. Th...
CVE-2019-3786
Cloud Foundry BOSH Backup and Restore CLI (all versions before v1.5.0) does not validate backup-script authenticity in BOSH. A remote authenticated attacker can modify the metadata of a BBR job to request extra backup files from different jobs during restore. The vulnerable hooks are in the cfcr-...
CVE-2019-3786 BBR could run arbitrary scripts on deployment VMs
Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of a Bosh Backup and Restore job to request extra backup files from different jobs upon restore. Th...