Garden-runC prevents deletion of some app environments
CVE-2018-11084

6.8MEDIUM

Key Information:

Vendor: Cloud Foundry
Status: Garden-runc
Vendor: CVE Published:; 18 September 2018

🔔 Create Cloud Foundry Vulnerability Alert

What is CVE-2018-11084?

Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with crafted file attributes to cause a denial of service for new app instances or scaling up of existing apps.

Affected Version(s)

Garden-runC all versions < 1.16.1

References

https://www.cloudfoundry.org/blog/cve-2018-11084/

x_refsource_CONFIRM

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

CVSS V3.0

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2018
Vulnerability Reserved
May 14, 2018

CVE-2018-11084 Data

JSON