Cloud Foundry Logo
blog single gear
Blog
Security Advisory

CVE-2018-1231: BOSH CLI does not restrict access to configuration file

by: March 26, 2018

CVE-2018-1231: BOSH CLI does not restrict access to configuration file

Severity

Medium

Vendor

Cloud Foundry Foundation

Affected Cloud Foundry Products and Versions

  • You are using BOSH CLI version prior to v3.0.1

Description

Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. A user with access to an instance using the BOSH CLI can access the BOSH CLI configuration file and use its contents to perform authenticated requests to BOSH.

Mitigation

Users of affected versions should apply the following mitigations or upgrades:

  • Releases that have fixed this issue include:
    • BOSH CLI v3.0.1

Credit

This issue was responsibly reported by the VMware team.

History

2018-03-26: Initial vulnerability report published.

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES

You Might Also Like

CVE-2015-3191 – CSRF attack on change email
Security Advisory

CVE-2015-3191 – CSRF attack on change email

by Cloud Foundry Foundation Security Team June 25, 2015
USN-3227-1: ICU vulnerabilities
Security Advisory

USN-3227-1: ICU vulnerabilities

by Cloud Foundry Foundation Security Team March 31, 2017
CVE-2019-1002101: Kubernetes kubectl – potential directory traversal
Security Advisory

CVE-2019-1002101: Kubernetes kubectl – potential directory traversal

by Cloud Foundry Foundation Security Team April 1, 2019
This website uses cookies to offer you a better browsing experience. Find out more about how we use cookies and how you can change your settings. Accept