PT-2019-16716 · Cloud Foundry · Cloud Foundry Bosh Backup/Restore Cli

Published: 2019-04-24 · Updated: 2020-10-16 · CVE-2019-3786

CVSS v3.1: 7.7 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Cloud Foundry BOSH Backup and Restore CLI versions prior to 1.5.0

Description

The issue allows a remote authenticated malicious user to modify the metadata file of a BOSH Backup and Restore job, enabling them to request extra backup files from different jobs upon restore. This is possible because the authenticity of backup scripts in BOSH is not checked. The vulnerability specifically affects clusters deployed with the BBR job for etcd in the cfcr-etcd-release.

Recommendations

For Cloud Foundry BOSH Backup and Restore CLI versions prior to 1.5.0, update to version 1.5.0 or later to resolve the issue.

Fix

Improper Privilege Management

Insufficient Verification of Data Authenticity


Weakness Enumeration

Related identifiers

CVE-2019-3786

Affected products

Cloud Foundry Bosh Backup/Restore Cli