CVE-2016-0761 — Garden Linux vulnerability

CWE-193 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.6%

top 31.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cloudfoundry Garden Linux Pivotal Cloud Foundry Pivotal Software Cloud Foundry Elastic Runtime

Timeline

PublishedMay 25

Latest updateMay 13

Description

Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDcloudfoundry/garden_linux0.332.0

▶NVDpivotal_software/cloud_foundry_elastic_runtime17 versions+16

▶CVEListV5pivotal/cloud_foundryElastic Runtime 1.6.x version prior to 1.6.17., Garden-Linux versions prior to v0.333.0+1

🔴Vulnerability Details

GHSA

GHSA-2c5j-c3wx-m67f: Cloud Foundry Garden-Linux versions prior to v0↗2022-05-13

▶

CVEList

CVE-2016-0761: Cloud Foundry Garden-Linux versions prior to v0↗2017-05-25

▶