Cloud Foundry Logo
blog single gear
Blog
Security Advisory

CVE-2018-1265: Diego does not properly sanitize file paths in tar/zip files

by: June 5, 2018

CVE-2018-1265: Diego does not properly sanitize file paths in tar/zip files

Severity

Critical

Vendor

Cloud Foundry Foundation

Affected Cloud Foundry Products and Versions

  • You are using diego-release versions prior to 2.8.0
  • You are using cf-deployment versions prior to v1.37.0

Description

Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego Cell.

Mitigation

Users of affected versions should apply the following mitigations or upgrades:

  • Releases that have fixed this issue include:
    • diego-release version 2.8.0
    • cf-deployment version v1.37.0

Credit

This issue was responsibly reported by M. Hanselmann.

History

2018-06-05: Initial vulnerability report published.

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES

You Might Also Like

CF Deployment and Percona XtraDB Cluster Release are vulnerable to various MySQL vulnerabilities
Security Advisory

CF Deployment and Percona XtraDB Cluster Release are vulnerable to various MySQL vulnerabilities

by Cloud Foundry Foundation Security Team June 23, 2020
CVE-2017-4992: Privilege escalation with user invitations
Security Advisory

CVE-2017-4992: Privilege escalation with user invitations

by Cloud Foundry Foundation Security Team May 19, 2017
USN-3183-1: GnuTLS Vulnerabilities
Security Advisory

USN-3183-1: GnuTLS Vulnerabilities

by Cloud Foundry Foundation Security Team March 14, 2017
This website uses cookies to offer you a better browsing experience. Find out more about how we use cookies and how you can change your settings. Accept