Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego Cell.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cloud Foundry Diego 安全漏洞
Vulnerability Description
Cloud Foundry Diego是美国Cloud Foundry基金会的一套使用在Cloud Foundry云计算平台中的容器管理系统。 Cloud Foundry Diego 2.8.0之前版本中存在安全漏洞,该漏洞源于程序没有正确过滤tar和zip文件包头中的文件路径。远程攻击者可通过上传恶意buildpack利用该漏洞获取运行在Diego Cell所有app的访问权限。
CVSS Information
N/A
Vulnerability Type
N/A