Vulnerability title
N/A
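Vulnerability description
A path traversal vulnerability was found in the Cloud Foundry component Cloud Controller; it affects cf-release versions before v208 and Pivotal Cloud Foundry Elastic Runtime versions before 1.4.2. Path traversal is the "outbreak" from a given directory structure by way of relative file paths in user input. It is aimed at accessing files and directories stored outside the web root directory, for unauthorized reading or even execution of arbitrary system commands. An attacker can use certain parameters of the file path to inject '../' sequences in order to traverse the file system. In this particular case, a remote authenticated attacker can exploit the identified vulnerability to upload arbitrary files to the server running a Cloud Controller instance, outside the isolated application container.
CVSS information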
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Vulnerability category
N/A
Vulnerability title
N/A
Vulnerability description
A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' from a given directory structure through relative file paths in user input. It aims at accessing files and directories that are stored outside the web root folder, for unauthorized reading or even execution of arbitrary system commands. An attacker could, for instance, use a certain parameter of the file path to inject '../' sequences in order to navigate through the file system. In this particular case, a remote authenticated attacker can exploit the identified vulnerability to upload arbitrary files to the server running a Cloud Controller instance, outside the isolated application container.
CVSS information
N/A
Vulnerability category
N/A
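Vulnerability title
Pivotal Cloud Foundry Elastic Runtime and cf-release path traversal vulnerability
Vulnerability description
Pivotal Cloud Foundry (PCF) is an open-source platform-as-a-service (PaaS) cloud computing platform from the US company Pivotal Software. It provides container scheduling, continuous delivery, automated service deployment and other functions. Elastic Runtime is a runtime environment of PCF. cf-release is a release of CF. The Cloud Controller component in Pivotal Cloud Foundry Elastic Runtime versions before 1.4.2 and Cloud Foundry Runtime cf-release versions before 208 has
CVSS information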
N/A
Vulnerability category
Path traversal