CVE-2017-4964: BOSH Azure CPI code injection vulnerability
Cloud Foundry Foundation
- BOSH Azure CPI Release v22
The BOSH Azure CPI could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director.
OSS users are strongly encouraged to follow the mitigation below:
- Update your BOSH Director to use v23 or later of the Azure CPI release
Paul Nikonowicz and Sunjay Bhatia
2017-04-04: Initial vulnerability report published