Container Files Management Flaw in Cloud Foundry Garden-Linux and Elastic Runtime
CVE-2016-0761

9.8CRITICAL

Key Information:

Vendor

Pivotal

Vendor
CVE Published:
25 May 2017

What is CVE-2016-0761?

A vulnerability exists in Cloud Foundry Garden-Linux and Elastic Runtime that affects file management during the Docker image preparation process. This flaw may allow an unauthorized actor to delete, corrupt, or overwrite host files and directories, including the filesystems of other containers on the host, thereby compromising system integrity and security.

Affected Version(s)

Cloud Foundry Garden-Linux versions prior to v0.333.0

Cloud Foundry Elastic Runtime 1.6.x version prior to 1.6.17.

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.