High severity7.2NVD Advisory· Published Jun 6, 2018· Updated Jun 17, 2026
CVE-2018-1265
CVE-2018-1265
Description
Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego Cell.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <2.8.0
- Cloud Foundry/Diegov5Range: unspecified
Patches
Vulnerability mechanics
References
1- www.cloudfoundry.org/blog/cve-2018-1265/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.