MEDIUM🇬🇧 English

CVE-2026-41009

CVSS 4.3v4.0pub. 2026-05-27upd. 2026-06-08

When the director sends a long-running request (e.g. compile_package), the agent's reply JSON is consumed by AgentClient. inject_compile_log (line 332-339) reads response['value']['result']['compile_log_id'] and format_exception (line 318-325) reads exception['blobstore_id']; both pass the agent-supplied string unmodified to download_and_delete_blob(blob_id) (line 344-349), which calls @resource_manager.get_resource(blob_id) and, in an ensure block, @resource_manager.delete_resource(blob_id). Api::ResourceManager forwards the id straight to blobstore.get(id) / blobstore.delete(id). When the director is configured with the local blobstore provider, Blobstore::LocalClient#object_file_path(oid) is File.join(@blobstore_path, oid) (local_client.rb:54-56) with no normalisation, so oid = "../../jobs/director/config/director.yml" resolves outside the blobstore root. Affected versions: BOSH Director: All versions prior to v282.1.12

oryginał EN
CVSS Vector
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Cloud Foundry Bosh

    APP
    Cloud Foundry
    < 282.1.12
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2019-11271HIGH7.8ten sam produkt

Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Director that does not properly redact cre...

CVE-2018-11083HIGH8.1ten sam produkt

Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and...

CVE-2017-4961HIGH8.8ten sam produkt

An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x v...

CVE-2026-41704MEDIUM6.8ten sam produkt

AgentClient#handle_method (lines 264-303) processes every NATS reply. It calls inject_compile_log (line 273) o...

CVE-2018-15800HIGH8.1ten sam vendor

Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remo...