Path Traversal Vulnerability in Cloud Foundry's Cloud Controller
CVE-2015-1834

6.5 MEDIUM

Key Information:

Vendor: Pivotal
CVE Published: 25 May 2017

What is CVE-2015-1834?

A path traversal vulnerability was found in Cloud Foundry's Cloud Controller, affecting specific versions of cf-release and Pivotal Cloud Foundry Elastic Runtime. It allows remote authenticated attackers to inject relative file path sequences, such as '../', and so navigate through the file system. This may allow arbitrary files to be uploaded outside the designated application containers, posing a significant risk to the application's integrity and security.

Affected Version(s)

Cloud Foundry cf-release versions prior to v208

Cloud Foundry Elastic Runtime versions prior to 1.4.2

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
