VYPR

BOSH Director

by Cloudfoundry

CVEs (5)

  • CVE-2016-4435CriMay 25, 2017
    risk 0.59cvss 9.0epss 0.01

    An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated…

  • CVE-2026-41010HigJun 4, 2026
    risk 0.53cvss 8.2epss 0.00

    ReleaseJob#unpack builds job_dir = File.join(@release_dir, 'jobs', name) and job_tgz = File.join(@release_dir, 'jobs', "#{name}.tgz") where name returns @job_meta['name'], a value taken verbatim from the jobs: array of the attacker-supplied release.MF inside the uploaded…

  • CVE-2019-11271HigJun 19, 2019
    risk 0.51cvss 7.8epss 0.00

    Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Director that does not properly redact credentials when configured to use a MySQL database. A local authenticated malicious user may read any credentials that are contained in a BOSH manifest.

  • CVE-2026-41009MedMay 27, 2026
    risk 0.38cvss 5.8epss 0.00

    When the director sends a long-running request (e.g. compile_package), the agent's reply JSON is consumed by AgentClient. inject_compile_log (line 332-339) reads response['value']['result']['compile_log_id'] and format_exception (line 318-325) reads exception['blobstore_id'];…

  • CVE-2026-41704MedMay 27, 2026
    risk 0.33cvss 5.0epss 0.00

    AgentClient#handle_method (lines 264-303) processes every NATS reply. It calls inject_compile_log (line 273) on every response, which reads response['value']['result']['compile_log_id'] (line 332-338) and passes it to download_and_delete_blob. Separately, any response containing…