CVE-2017-4961: BOSH Director Shell Injection Vulnerabilities

Severity

High

Vendor

Cloud Foundry Foundation

Versions Affected

BOSH Release:
- 261.x versions prior to 261.3
- All 260.x versions

Description

In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM.

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

Upgrade to latest BOSH Director 261.x or later [1]

Credit

This issue was responsibly reported by the BOSH Team.

References

[1] https://bosh.io/releases/github.com/cloudfoundry/bosh?all=1

History

2017-05-01: Initial vulnerability report published

CVE-2017-4961: BOSH Director Shell Injection Vulnerabilities

CVE-2017-4961: BOSH Director Shell Injection Vulnerabilities

Severity

Vendor

Versions Affected

Description

Mitigation

Credit

References

History

You Might Also Like

USN-4014-1: GLib vulnerability

USN-3063-1 Fontconfig vulnerability

USN-5844-1: OpenSSL vulnerabilities

Sign up for the Cloud Foundry Newsletter today!

Sign up for the
Cloud Foundry Newsletter today!