CVE-2017-4961

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-4961

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-4961.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-4961

Published

2017-06-13T06:29:00Z

Modified

2025-04-20T03:48:16.126289Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM, aka "BOSH Director Shell Injection Vulnerabilities."

References

https://www.cloudfoundry.org/cve-2017-4961/

Affected packages

Git / github.com/cloudfoundry/bosh

Affected ranges

Type: GIT
Repo: https://github.com/cloudfoundry/bosh
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

1d9e94535d1610a3b7a3cf8ad18f03e95f4f116a

Last affected

2541d80f528c80f4c2e7675c8efca6065d386639

Last affected

34e8eee8ecb1846b60f28495ce91c4fb3f3a75b7

Last affected

482da3cf8af4ccec0d29373fc57345e3315fb49d

Last affected

523251dee4c4fae1713a3ec0e150f83900fa1efe

Last affected

68c1c55ccfae9d69f9800b7bec6ea67acb1040a1

Last affected

f419326cad3e642ed4a5e6d893688c0766d7b259

Last affected

f98ec486516cc04473c1948abe167f373819c381

Affected versions

Other

scotty_09012012

v258

v259

v260

v260.*

v260.1

v260.2

v260.3

v260.4

v260.5

v260.6