Search Results
- Keyword (text search): cpe:2.3:a:cloudfoundry:bosh_backup_and_restore:1.3.1:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-3786 | Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of a Bosh Backup and Restore job to request extra backup files from different jobs upon restore. The exploited hooks in this metadata script were only maintained in the cfcr-etcd-release, so clusters deployed with the BBR job for etcd in this release are vulnerable. Published: April 24, 2019; 12:29:01 PM -0400 | V4.0: (not available); V3.1: 7.1 HIGH; V2.0: 4.0 MEDIUM |