CVE-2018-1231: BOSH CLI does not restrict access to configuration file
Cloud Foundry Foundation
Affected Cloud Foundry Products and Versions
- BOSH CLI versions prior to v3.0.1
Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. A user with access to an instance using the BOSH CLI can access the BOSH CLI configuration file and use its contents to perform authenticated requests to BOSH.
Users of affected versions should apply the following mitigations or upgrades:
- Releases that have fixed this issue include:
  - BOSH CLI v3.0.1
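The following is an added example, not part of the advisory or of the BOSH CLI itself: a shell audit that reports whether a CLI configuration file is accessible to other local users and restricts it to its owner. The location `$BOSH_CONFIG` or `~/.bosh/config` is an assumption (the advisory does not name the path), and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: audit the permissions of a BOSH CLI configuration file.
# Assumption: the file is at $BOSH_CONFIG or ~/.bosh/config (the path is not
# stated in the advisory).

# Print a file's permission bits in octal (GNU stat first, then BSD stat).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed only when group and others have no permission bits on the file.
is_private() {
  mode=$(file_mode "$1") || return 2
  [ $(( 0$mode & 077 )) -eq 0 ]
}

# Report the state of one config file: 0 = absent or private, 1 = exposed.
audit_bosh_config() {
  cfg=$1
  if [ ! -e "$cfg" ]; then
    echo "absent:  $cfg"
    return 0
  fi
  if is_private "$cfg"; then
    echo "ok:      $cfg (mode $(file_mode "$cfg"))"
    return 0
  fi
  echo "exposed: $cfg (mode $(file_mode "$cfg")) is accessible to other local users"
  return 1
}

# Restrict the file to its owner.
harden_bosh_config() {
  chmod 600 "$1"
}

# Demonstration on a constructed file, so nothing real is touched.
demo_dir=$(mktemp -d)
printf '# constructed placeholder, not a real BOSH CLI config\n' > "$demo_dir/config"
chmod 644 "$demo_dir/config"
audit_bosh_config "$demo_dir/config" || harden_bosh_config "$demo_dir/config"
audit_bosh_config "$demo_dir/config"
rm -rf "$demo_dir"
```

To audit a real installation under the same path assumption, call `audit_bosh_config "${BOSH_CONFIG:-$HOME/.bosh/config}"` for each account that uses the CLI.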
This issue was responsibly reported by the Pivotal team.
2018-03-26: Initial vulnerability report published.