Security Advisory

CVE-2026-41704 – Compromised VM can make arbitrary blobstore deletes

Severity

MEDIUM

CVSS 4.0 Score: 6.8 (CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:H)

CVSS 3.1 Score: 5.0 (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N)

Vendor

Cloud Foundry Foundation

Versions Affected

*Severity is MEDIUM unless otherwise noted.

BOSH Director

– All versions prior to v282.1.12 

Description

AgentClient#handle_method (lines 264–303) processes every NATS reply. It calls inject_compile_log (line 273) on every response, which reads response['value']['result']['compile_log_id'] (lines 332–338) and passes it to download_and_delete_blob. Separately, any response containing 'exception' goes through format_exception (lines 308–325), which reads exception['blobstore_id'] and also calls download_and_delete_blob. That helper (lines 344–349) calls ResourceManager#get_resource(blob_id) and, in an ensure block, ResourceManager#delete_resource(blob_id).

ResourceManager (resource_manager.rb:62–70) calls blobstore.delete(id) on the single shared Director blobstore with no UUID-format check, no ownership check, and no namespace prefix. For LocalClient (local_client.rb:37–42, 54–56), delete_object does FileUtils.rm(File.join(@blobstore_path, oid)) with no rejection of .. path segments.

Exploit scenario 

Attacker roots one VM in their own deployment. The agent responds to any routine Director request (get_state, apply, ping) with

{"value":{"result":{"compile_log_id":"<victim-release-blob-id>"}}}

or

{"exception":{"message":"x","blobstore_id":"<id>"}}

The Director fetches and then deletes that blob from the shared S3/DAV/GCS bucket. Blob IDs are pushed to agents in apply specs (compiled-package and template blobstore_ids) and sync_dns broadcasts, so the attacker knows valid targets. With a local blobstore, compile_log_id: "../../jobs/director/config/director.yml" reads the file contents into the task error message (exfiltration) and deletes the file.
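As an added hardening example (not BOSH's own code; the class and method names are hypothetical), the checks the description says are missing: a UUID-format check on any agent-supplied blob id before it reaches a blobstore call, plus a containment check for the local blobstore so a traversal id can never reach FileUtils.rm.

```ruby
# Hypothetical hardening example, not BOSH Director's own code.
require 'fileutils'
require 'tmpdir'

UUID_RE = /\A[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\z/i

class InvalidBlobId < StandardError; end

# Reject anything that is not a bare UUID. A compile_log_id or an exception
# blobstore_id taken from an agent reply must pass this before any
# get_resource / delete_resource call is made on the shared blobstore.
def validate_blob_id!(id)
  raise InvalidBlobId, 'blob id must be a string' unless id.is_a?(String)
  raise InvalidBlobId, "blob id is not a UUID: #{id.inspect}" unless id.match?(UUID_RE)
  id
end

def valid_blob_id?(id)
  validate_blob_id!(id)
  true
rescue InvalidBlobId
  false
end

# Hardened counterpart of a local-disk delete_object: the id is validated,
# and the resolved path must additionally stay inside the blobstore root,
# so "../../jobs/director/config/director.yml" is rejected twice over.
class SafeLocalBlobstore
  def initialize(blobstore_path)
    @root = File.expand_path(blobstore_path)
  end

  def object_path(oid)
    validate_blob_id!(oid)
    path = File.expand_path(oid, @root)
    unless path.start_with?(@root + File::SEPARATOR)
      raise InvalidBlobId, 'blob id escapes blobstore root'
    end
    path
  end

  # Returns true if a blob file was deleted, false if none existed.
  def delete_object(oid)
    path = object_path(oid)
    return false unless File.file?(path)
    FileUtils.rm(path)
    true
  end
end
```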

Preconditions 

  • Attacker has root on one deployed VM (any team’s deployment) 
  • For arbitrary-file impact: Director configured with local blobstore (a supported configuration) 

Additional Remarks 

This is very similar to "Local Blobstore may allow arbitrary reads/deletes", but this issue is about the lack of validation of ids in general before blobstore commands are issued. While non-local blobstores do not put Director integrity at risk, an attacker could still delete arbitrary blobstore data if they can determine the id (to be fair, attackers who have compromised a downstream VM have blobstore credentials anyway, so there is little additional privilege acquired via this vulnerability).

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below.

The Cloud Foundry project recommends upgrading the following releases:

BOSH Director

– Upgrade BOSH Director versions to v282.1.12 or greater

Immediate Workarounds:

– Implement strict network segmentation between deployment VMs and Director

– Monitor blobstore operations for suspicious deletion patterns

– Consider isolating critical deployments to dedicated BOSH Directors

– Implement additional access controls on blobstore operations

Credit

n/a

History

Initial vulnerability report published May 26th



Cloud Foundry Foundation Security Team, AUTHOR
