All Vulnerability Reports

CVE-2018-1231: BOSH CLI does not restrict access to configuration file


Severity

Medium

References

Affected VMware Products and Versions

Severity is medium unless otherwise noted.

  • Pivotal Operations Manager
    • 2.0.x versions prior to 2.0.9
    • 1.12.x versions prior to 1.12.16

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry team recommends upgrading BOSH stemcells and/or other OSS components listed here if applicable.
  • Releases that have fixed this issue include:
    • Pivotal Operations Manager: 2.1.0, 2.0.9, 1.12.16