CVE-2018-11048: Garden-runC prevents deletion of some app environments


Share

CVE-2018-11048: Garden-runC prevents deletion of some app environments

Severity

Medium

Vendor

Cloud Foundry Foundation

Affected Cloud Foundry Products and Versions

  • You are using Garden-runC release versions prior to 1.16.1

Description

Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with crafted file attributes to cause a denial of service for new app instances or scaling up of existing apps.

Mitigation

Users of affected versions should apply the following mitigations or upgrades:

  • Releases that have fixed this issue include:
    • Garden-runC release versions 1.16.1

History

2018-08-10: Initial vulnerability report published.

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES