Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 do not validate DiffIDs, allowing specially crafted images to poison the grootfs volume cache. For example, this could allow an attacker to provide an image layer that GrootFS would consider to be the Ubuntu base layer.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.cloudfoundry.org/cve-2017-14388/ |
History
No history.
MITRE
Status: PUBLISHED
Assigner: dell
Published: 2017-11-13T17:00:00
Updated: 2024-08-05T19:27:40.238Z
Reserved: 2017-09-12T00:00:00
Link: CVE-2017-14388
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-11-13T17:29:00.537
Modified: 2024-11-21T03:12:41.110
Link: CVE-2017-14388
Redhat
No data.