HIGH🇵🇱 Wersja polska

CVE-2017-4961

CVSS 8.8v3.0pub. 2017-06-13upd. 2026-05-13

An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM, aka "BOSH Director Shell Injection Vulnerabilities."

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Cloud Foundry Bosh

    APP
    Cloud Foundry
    260260.1260.2260.3260.4260.5260.6260.7261261.1261.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2019-11271HIGH7.8ten sam produkt

Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Director that does not properly redact cre...

CVE-2018-11083HIGH8.1ten sam produkt

Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and...

CVE-2026-41009MEDIUM4.3ten sam produkt

When the director sends a long-running request (e.g. compile_package), the agent's reply JSON is consumed by A...

CVE-2026-41704MEDIUM6.8ten sam produkt

AgentClient#handle_method (lines 264-303) processes every NATS reply. It calls inject_compile_log (line 273) o...

CVE-2018-15800HIGH8.1ten sam vendor

Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remo...