[SECURITY][HIGH] CVE-2016-0780 Cloud Controller Disk Quota Enforcement

Home Messages Hashtags Subgroups

Chip Childers <cchilders@...> #4302 CVE-2016-0780 Cloud Controller Disk Quota EnforcementSeverity HighVendor Cloud Foundry FoundationVersions Affected cf-release v231 and lowerDescription It was discovered that Cloud Foundry does not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value to bypass enforcement and consume all the disk on DEAs/Diego Cells causing a potential denial of service for other applications.Mitigation * - Upgrade to cf-release v233 [1] (cf-release v232 is not recommended for use)Credit Fujitsu LimitedReferences [1] https://github.com/cloudfoundry/cf-release/releases/tag/v233 <https://github.com/cloudfoundry/cf-release/releases/tag/v233>*History2016-Mar-23: Initial vulnerability report published attachment.html
More All Messages By This Member

Join {cf-dev@lists.cloudfoundry.org to automatically receive all group messages.