Security Advisory

CVE-2018-11084: Garden-runC prevents deletion of some app environments

Severity

Medium

Vendor

Cloud Foundry Foundation

Affected Cloud Foundry Products and Versions

  • Garden-runC release versions prior to 1.16.1

Description

Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with crafted file attributes to cause a denial of service for new app instances or scaling up of existing apps.

Mitigation

Users of affected versions should apply the following mitigations or upgrades:

  • Releases that have fixed this issue include:
    • Garden-runC release version 1.16.1

History

2018-08-10: Initial vulnerability report published.

2018-09-07: Updated CVE ID. Prior version referenced CVE-2018-11048, which is incorrect.

 


Cloud Foundry Foundation Security Team, AUTHOR
