github.com/cloudfoundry-attic/garden-linux is vulnerable to file traversal attacks. The garden-linux nstar executable allows attackers to read files within the host system that the BOSH-created vcap user has permission to read. This can be done by staging an application on Cloud Foundry using Diego or Garden and using a custom buildpack.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/cloudfoundry-attic/garden-linux | eq | HEAD |