Vulnerability Details CVE-2015-5350
In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system. By staging an application on Cloud Foundry using Diego and Garden installations with a malicious custom buildpack an end user could read files on the host system that the BOSH-created vcap user has permissions to read and then package them into their app droplet.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2015-5350
-
cpe:2.3:a:cloudfoundry:garden:0.22.0
-
cpe:2.3:a:cloudfoundry:garden:0.329.0