Security Advisory

CVE-2017-4961: BOSH Director Shell Injection Vulnerabilities

Severity

High

Vendor

Cloud Foundry Foundation

Versions Affected

  • BOSH Release:
    • 261.x versions prior to 261.3
    • All 260.x versions

Description

In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM.
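The class of defect the advisory describes, as an added example that is not BOSH Director code: a user-supplied checksum string is assumed to have been interpolated into a shell command line, so the fix shown here whitelists the checksum format and computes the digest in-process instead of shelling out.

```ruby
require 'digest'
require 'tempfile'

# Added illustration of the bug class this advisory names (not BOSH Director
# code). Assumption: a Director user supplies a checksum string that, before
# the fix, was interpolated into a shell command line; characters the shell
# treats specially could then run as the Director's own user.

# Accept only a bare, lowercase hex digest of a supported length (assumed
# here: SHA-1 or SHA-256). Anchored with \A...\z so an embedded newline
# cannot smuggle a second line past the check.
HEX_DIGEST = /\A(?:[0-9a-f]{40}|[0-9a-f]{64})\z/

def valid_checksum?(checksum)
  checksum.is_a?(String) && checksum.match?(HEX_DIGEST)
end

# Vulnerable shape (never called here): the untrusted value is concatenated
# into a string that /bin/sh parses, so anything after a ';' also executes.
def verify_unsafe(path, checksum)
  `sha1sum #{path} | grep -q #{checksum}`
  $?.success?
end

# Hardened shape: validate the format first, then compute the digest
# in-process so no shell is involved at all. Returns :invalid_format,
# :mismatch or :ok so callers can log why a value was rejected.
def verify_checksum(path, checksum)
  return :invalid_format unless valid_checksum?(checksum)
  algo = checksum.length == 40 ? Digest::SHA1 : Digest::SHA256
  actual = algo.file(path).hexdigest
  actual == checksum ? :ok : :mismatch
end

# Constructed inputs: the two valid digests are those of the 5-byte file "hello".
SAMPLE_CHECKSUMS = {
  'aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d' => true,                         # sha1
  '2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824' => true, # sha256
  'aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d; echo injected' => false,         # metacharacters
  "aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d\necho injected" => false,         # embedded newline
}

if $PROGRAM_NAME == __FILE__
  Tempfile.create('advisory-demo') do |f|
    f.write('hello'); f.flush
    SAMPLE_CHECKSUMS.each_key { |c| puts "#{c.inspect} => #{verify_checksum(f.path, c)}" }
  end
end
```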

Mitigation

OSS users are strongly encouraged to apply the mitigation below:

  • Upgrade to latest BOSH Director 261.x or later [1]

Credit

This issue was responsibly reported by the BOSH Team.

References

  • [1] https://bosh.io/releases/github.com/cloudfoundry/bosh?all=1

History

2017-05-01: Initial vulnerability report published

Cloud Foundry Foundation Security Team, AUTHOR