Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 do not validate DiffIDs, allowing specially crafted images to poison the grootfs volume cache. For example, this could allow an attacker to provide an image layer that GrootFS would consider to be the Ubuntu base layer.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published: 2017-11-13T17:00:00

Updated: 2024-08-05T19:27:40.238Z

Reserved: 2017-09-12T00:00:00

Link: CVE-2017-14388

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-11-13T17:29:00.537

Modified: 2024-11-21T03:12:41.110

Link: CVE-2017-14388

cve-icon Redhat

No data.