CVE-2016-0761

high-risk

Published 2017-05-25

Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host.

Do I need to act?

-

0.55% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

9

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (18)

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Garden Linux

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Cloud Foundry Elastic Runtime

Affected Vendors

Cloudfoundry Pivotal Software

References (2)

Vendor Advisory https://pivotal.io/security/cve-2016-0761

Vendor Advisory https://pivotal.io/security/cve-2016-0761

53

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 2/34 · Minimal

Exposure 19/34 · Moderate