Home
HIGH: 8.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:NHIGH: 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HDefault status
unaffected
Any version before 7.10.4
affected
Description
The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4.
Problem types
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Product status
Any version before 7.10.4
References
www.cloudfoundry.org/...l-path-traversal-allows-file-writes/