Cloud Foundry Logo
blog single gear
Blog
Security Advisory

CVE-2018-1277: Garden does not correctly enforce Docker image disc quotas

by: April 30, 2018

CVE-2018-1277: Garden does not correctly enforce Docker image disc quotas

Severity

High

Vendor

Cloud Foundry Foundation

Affected Cloud Foundry Products and Versions

  • You are using garden-runc-release version prior to 1.13.0
  • You are using cf-deployment version prior to 1.28.0

Description

Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. A remote authenticated user may push an app with a malicious Docker image that will consume more space on a Diego cell than allocated in their quota, potentially causing a DoS against the cell.

Mitigation

Users of affected versions should apply the following mitigations or upgrades:

  • Releases that have fixed this issue include:
    • garden-runc-release version 1.13.0
    • cf-deployment version 1.28.0

Credit

This issue was responsibly reported by the Garden team.

History

2018-04-30: Initial vulnerability report published.

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES

You Might Also Like

USN-6755-1: GNU cpio vulnerabilities
Security Advisory

USN-6755-1: GNU cpio vulnerabilities

by Cloud Foundry Foundation Security Team July 25, 2024
CVE-2019-11290: UAA logs query parameters in tomcat access file
Security Advisory

CVE-2019-11290: UAA logs query parameters in tomcat access file

by Cloud Foundry Foundation Security Team November 21, 2019
USN-4360-4: json-c vulnerability
Security Advisory

USN-4360-4: json-c vulnerability

by Cloud Foundry Foundation Security Team June 24, 2020
This website uses cookies to offer you a better browsing experience. Find out more about how we use cookies and how you can change your settings. Accept