CVE-2019-3786
Cloud Foundry BOSH Backup and Restore CLI (all versions before v1.5.0) does not validate backup-script authenticity in BOSH. A remote authenticated attacker can modify the metadata of a BBR job to request extra backup files from different jobs during restore. The vulnerable hooks are in the cfcr-...