📦

bosh_backup_and_restore

Name: bosh_backup_and_restore
Author: WatchStack

Vendor: cloudfoundry

Login to add this product to WatchStack

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 1 Total Indexed

Avg. EPSS 0.09% Exploit Prob.

Latest CVE CVE-2019-3786 Apr 24

Security Vulnerability Index

Page 1 / 1

7.1 CVSS

CVE-2019-3786

Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of a Bosh Backup and Restore job to request extra backup files from different jobs upon restore. The exploited hooks in this metadata script were only maintained in the cfcr-etcd-release, so clusters deployed with the BBR job for etcd in this release are vulnerable.

EPSS: 0.09%

Severity: HIGH

Apr 24, 2019

Displaying 1 of 1 Total Entries

1

Total 1 Sections