CVE-2018-11084 MEDIUM

CVE-2018-11084: Garden-runC prevents deletion of some app environments

Vendor Cloud Foundry
Product Garden-runC
Published September 18, 2018
Last update September 16, 2024

CVSS base score

6.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H

What the vulnerability does

01Description

Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with crafted file attributes to cause a denial of service for new app instances or scaling up of existing apps.

Key dates

02Disclosure timeline

September 18, 2018 CVE published
September 16, 2024 Record updated