GrootFS Vulnerability in Cloud Foundry Foundation's Product
CVE-2017-14388

7.8 HIGH

What is CVE-2017-14388?

The Cloud Foundry Foundation's GrootFS, in its 0.3.x versions before 0.30.0, fails to validate the DiffIDs of image layers it unpacks. Because of this missing check, an attacker can craft a malicious image layer that corrupts the grootfs volume cache: for instance, a corrupt image layer could be recognized by GrootFS as a legitimate Ubuntu base layer, posing a significant risk to deployments that use this file system.
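The missing check is the one below, written here as an added illustration rather than GrootFS's own code. It assumes the OCI convention that a layer's DiffID is the SHA-256 digest of the uncompressed layer tar (the digest of the compressed blob is a different value), and it uses constructed in-memory layers as sample input. A layer is only written into the cache under a DiffID after its content has been shown to hash to that DiffID, so a blob cannot be stored under, and later served as, another layer's identity:

```python
"""Added example (not GrootFS code): verify an image layer's DiffID before
the layer is allowed into a DiffID-keyed cache. Assumes the OCI rule that
DiffID = sha256 over the *uncompressed* layer tar."""
import gzip
import hashlib
import io
import tarfile


def build_layer(files):
    """Build a deterministic uncompressed tar layer from {path: bytes}.
    Constructed sample data standing in for a layer fetched from a registry."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, content in sorted(files.items()):
            info = tarfile.TarInfo(name=path)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def compress_layer(layer):
    """Layers travel gzip-compressed; the DiffID is not taken over these bytes."""
    return gzip.compress(layer, mtime=0)


def diff_id(uncompressed_layer):
    """DiffID of a layer: digest of the uncompressed tar stream."""
    return "sha256:" + hashlib.sha256(uncompressed_layer).hexdigest()


class LayerCache:
    """Volume cache keyed by DiffID. An entry is created only after the blob's
    real digest has been compared with the DiffID the image config claims."""

    def __init__(self):
        self._store = {}

    def unpack(self, claimed_diff_id, compressed_blob):
        if claimed_diff_id in self._store:
            return self._store[claimed_diff_id]  # already verified earlier
        data = gzip.decompress(compressed_blob)
        actual = diff_id(data)
        if actual != claimed_diff_id:
            # This is the validation the affected GrootFS versions lacked.
            raise ValueError(
                f"DiffID mismatch: config claims {claimed_diff_id}, "
                f"blob hashes to {actual}")
        self._store[claimed_diff_id] = data
        return data

    def cached_ids(self):
        return sorted(self._store)


def ingest_image(cache, diff_ids, blobs):
    """Walk an image's rootfs.diff_ids alongside its layer blobs and return a
    per-layer status. A rejected layer leaves no trace in the cache."""
    statuses = []
    for claimed, blob in zip(diff_ids, blobs):
        try:
            cache.unpack(claimed, blob)
            statuses.append("ok")
        except ValueError:
            statuses.append("rejected")
    return statuses


if __name__ == "__main__":
    base = build_layer({"etc/os-release": b"ID=ubuntu\n"})
    base_id = diff_id(base)
    # A different layer presented under the base layer's DiffID.
    other = build_layer({"etc/os-release": b"ID=ubuntu\n",
                         "etc/extra": b"not the base layer\n"})
    cache = LayerCache()
    print(ingest_image(cache, [base_id], [compress_layer(other)]))  # ['rejected']
    print(ingest_image(cache, [base_id], [compress_layer(base)]))   # ['ok']
    print(cache.cached_ids() == [base_id])                           # True
```

The order of operations is the point: decompress, hash, compare, and only then write the cache entry. Hashing the compressed blob instead, or caching first and verifying later, would both leave a window in which a mismatched layer is reachable under a trusted DiffID.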

Affected Version(s)

GrootFS release 0.3.x versions prior to 0.30.0

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
