Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
BBR could run arbitrary scripts on deployment VMs
Vulnerability Description
Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of a Bosh Backup and Restore job to request extra backup files from different jobs upon restore. The exploited hooks in this metadata script were only maintained in the cfcr-etcd-release, so clusters deployed with the BBR job for etcd in this release are vulnerable.
CVSS Information
N/A
Vulnerability Type
特权管理不恰当
Vulnerability Title
Cloud Foundry BOSH Backup and Restore CLI 授权问题漏洞
Vulnerability Description
Cloud Foundry BOSH Backup and Restore CLI 1.5.0之前版本中存在安全漏洞,该漏洞源于程序没有检查备份脚本的可靠性。远程攻击者可利用该漏洞在系统上执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A