CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11084 – Garden-runC prevents deletion of some app environments
https://notcve.org/view.php?id=CVE-2018-11084
18 Sep 2018 — Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with crafted file attributes to cause a denial of service for new app instances or scaling up of existing apps. Cloud Foundry Garden-runC release, en versiones anteriores a la 1.16.1, evita la eliminación de algunos entornos de aplicación basados en atributos de archivo. Un usuario autenticado remoto malicioso podrí... • https://www.cloudfoundry.org/blog/cve-2018-11084 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1277
https://notcve.org/view.php?id=CVE-2018-1277
30 Apr 2018 — Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. A remote authenticated user may push an app with a malicious Docker image that will consume more space on a Diego cell than allocated in their quota, potentially causing a DoS against the cell. Cloud Foundry Garden-runC, en versiones anteriores a la 1.13.0, no aplica correctamente las cuotas de disco para las capas de imagen Docker. Un usuario autenticado remoto podría insertar una aplicación... • https://www.cloudfoundry.org/blog/cve-2018-1277 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1191
https://notcve.org/view.php?id=CVE-2018-1191
29 Mar 2018 — Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions using those credentials. Cloud Foundry Garden-runC, en versiones anteriores a la 1.11.0, contiene una vulnerabilidad de exposición de información. Un usuario con acceso a los registros de Garden podría ser capaz de obtener credenciales filtradas y realizar acciones autenticadas mediante el uso de esas... • https://www.cloudfoundry.org/blog/cve-2018-1191 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-215: Insertion of Sensitive Information Into Debugging Code •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5350
https://notcve.org/view.php?id=CVE-2015-5350
19 Mar 2018 — In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system. By staging an application on Cloud Foundry using Diego and Garden installations with a malicious custom buildpack an end user could read files on the host system that the BOSH-created vcap user has permissions to read and then package them into their app droplet. De las versiones 0.22.0-0.329.0 de Garden, se ha descubierto una vulnerabilidad en el ejecut... • https://pivotal.io/security/cve-2015-5350 • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0CVE-2016-0761
https://notcve.org/view.php?id=CVE-2016-0761
25 May 2017 — Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host. Garden-Linux versiones anteriores a v0.333.0 y Elastic Runtime versiones 1.6.x anteriores a 1.6.17 de Cloud Foundry, contienen un fallo en la administración de archivos de contenedor durante la preparaci... • https://pivotal.io/security/cve-2016-0761 • CWE-19: Data Processing Errors •