Cloud Foundry Bosh

5 matches found

CVE
added 2019/06/18 11:38 p.m. | 140 views

CVE-2019-11271

Cloud Foundry BOSH 270.x versions prior to 270.1.1 contain a BOSH Director that does not redact credentials when configured to use a MySQL database. A local authenticated attacker can read credentials contained in a BOSH manifest. Affected product/version: Cloud Foundry BOSH (270.x) before 270.1....

CVSS: 7.8 | AI score: 6.3 | EPSS: 0.00286

CVE
added 2017/06/13 6:0 a.m. | 43 views

CVE-2017-4961

CVE-2017-4961 affects Cloud Foundry Foundation’s BOSH Director (BOSH Release 261.x before 261.3 and all 260.x). An authenticated Director user can supply a malicious checksum, enabling privilege escalation on the Director VM ("BOSH Director Shell Injection Vulnerabilities"). Practical impact is e...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.0048

CVE
added 2018/10/05 9:0 p.m. | 41 views

CVE-2018-11083

CVE-2018-11083 affects Cloud Foundry BOSH prior to 264.14.0, 265.7.0, 266.8.0, and 267.2.0. The root cause is that BOSH accepts admin refresh tokens issued by UAA as if they were access tokens, allowing a remote attacker with such a token to access BOSH resources even after the attacker’s user sh...

CVSS: 8.4 | AI score: 8.1 | EPSS: 0.01483

CVE
added 2026/05/27 7:13 a.m. | 16 views

CVE-2026-41704

CVE-2026-41704 affects BOSH Director prior to v282.1.12. The issue arises from AgentClient#handle_method handling NATS responses: it may invoke inject_compile_log and format_exception, and the blobstore resource flow calls ResourceManager#get_resource(blob_id) followed by ResourceManager#delete_r...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.00083

CVE
added 2026/05/27 6:45 a.m. | 12 views

CVE-2026-41009

CVE-2026-41009 affects BOSH Director: all versions prior to v282.1.12. The vulnerability arises when the director uses a local blobstore; Blobstore::LocalClient#object_file_path joins the blobstore path with the provided oid without normalisation, enabling path traversal (e.g., oid = "../../jobs/...

CVSS: 5.8 | AI score: 5.8 | EPSS: 0.00099