CVE-2017-4961: BOSH Director Shell Injection Vulnerabilities


Share

CVE-2017-4961: BOSH Director Shell Injection Vulnerabilities

Severity

High

Vendor

Cloud Foundry Foundation

Versions Affected

  • BOSH Release:
    • 261.x versions prior to 261.3
    • All 260.x versions

Description

In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM.

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

  • Upgrade to latest BOSH Director 261.x or later [1]

Credit

This issue was responsibly reported by the BOSH Team.

References

  • [1] https://bosh.io/releases/github.com/cloudfoundry/bosh?all=1

History

2017-05-01: Initial vulnerability report published

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES