CVE-2018-1266: Cloud Controller file modification via malicious application
Severity
Critical
References
Affected VMware Products and Versions
Severity is critical unless otherwise noted.
- Pivotal Application Service
- 2.1.x versions prior to 2.1.1
- 2.0.x versions prior to 2.0.10
- 1.12.x versions prior to 1.12.19
- 1.11.x versions prior to 1.11.31
Mitigation
Users of affected versions should apply the following mitigation:
- The Cloud Foundry team recommends upgrading BOSH stemcells and/or other OSS components listed here if applicable.
- Releases that have fixed this issue include:
- Pivotal Application Service: 2.1.1, 2.0.10, 1.12.19, 1.11.31