[SECURITY][HIGH] CVE-2016-0780 Cloud Controller Disk Quota Enforcement

Chip Childers <cchilders@...>

CVE-2016-0780 Cloud Controller Disk Quota EnforcementSeverity


*Cloud Foundry Foundation*Versions Affected

*cf-release v231 and lower*Description

*It was discovered that Cloud Foundry does not properly enforce disk quotas
in certain cases. An attacker could use an improper disk quota value to
bypass enforcement and consume all the disk on DEAs/Diego Cells causing a
potential denial of service for other applications.*Mitigation

* - Upgrade to cf-release v233 [1] (cf-release v232 is not recommended for

*Fujitsu Limited*References

*[1] https://github.com/cloudfoundry/cf-release/releases/tag/v233
Initial vulnerability report published

Join {cf-dev@lists.cloudfoundry.org to automatically receive all group messages.