Cloud Foundry Logo
blog single gear
Blog
Security Advisory

CVE-2018-11084: Garden-runC prevents deletion of some app environments

by: August 10, 2018

CVE-2018-11084: Garden-runC prevents deletion of some app environments

Severity

Medium

Vendor

Cloud Foundry Foundation

Affected Cloud Foundry Products and Versions

  • You are using Garden-runC release versions prior to 1.16.1

Description

Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with crafted file attributes to cause a denial of service for new app instances or scaling up of existing apps.

Mitigation

Users of affected versions should apply the following mitigations or upgrades:

  • Releases that have fixed this issue include:
    • Garden-runC release versions 1.16.1

History

2018-08-10: Initial vulnerability report published.

2018-09-07: Updated CVE ID. Prior version referenced CVE-2018-11048, which is incorrect.

 

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES

You Might Also Like

CVE-2016-6651 Privilege Escalation in UAA
Security Advisory

CVE-2016-6651 Privilege Escalation in UAA

by Cloud Foundry Foundation Security Team September 26, 2016
CVE-2018-1002105: Proxy request handling in kube-apiserver can leave vulnerable TCP connections
Security Advisory

CVE-2018-1002105: Proxy request handling in kube-apiserver can leave vulnerable TCP connections

by Cloud Foundry Foundation Security Team December 5, 2018
CVE-2015-3191 – CSRF attack on change email
Security Advisory

CVE-2015-3191 – CSRF attack on change email

by Cloud Foundry Foundation Security Team June 25, 2015
This website uses cookies to offer you a better browsing experience. Find out more about how we use cookies and how you can change your settings. Accept