Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Pivotal Software Subscribe
Filtered by product Cloud Foundry Diego
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-1265 2 Cloudfoundry, Pivotal Software 2 Cf-deployment, Cloud Foundry Diego 2021-08-17 6.5 MEDIUM 7.2 HIGH
Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego Cell.