Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 do not validate DiffIDs, allowing specially crafted images to poison the grootfs volume cache. For example, this could allow an attacker to provide an image layer that GrootFS would consider to be the Ubuntu base layer.
References
Link | Resource |
---|---|
https://www.cloudfoundry.org/cve-2017-14388/ | Issue Tracking Vendor Advisory |
https://www.cloudfoundry.org/cve-2017-14388/ | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:12
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.cloudfoundry.org/cve-2017-14388/ - Issue Tracking, Vendor Advisory |
Information
Published : 2017-11-13 17:29
Updated : 2024-11-21 03:12
NVD link : CVE-2017-14388
Mitre link : CVE-2017-14388
CVE.ORG link : CVE-2017-14388
JSON object : View
Products Affected
pivotal_software
- grootfs
CWE
CWE-20
Improper Input Validation