Unrated severity · NVD Advisory · Published Apr 24, 2019 · Updated Sep 17, 2024
BBR could run arbitrary scripts on deployment VMs
CVE-2019-3786
Description
Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of a BOSH Backup and Restore job to request extra backup files from different jobs upon restore. The exploited hooks in this metadata script were only maintained in the cfcr-etcd-release, so clusters deployed with the BBR job for etcd in this release are vulnerable.
Affected products (2)
- Range: <1.5.0
- Cloud Foundry/BOSH Backup and Restore · v5 · Range: All
References (1)
- www.cloudfoundry.org/blog/cve-2019-3786 · mitre · x_refsource_CONFIRM