CVE-2016-0780 Cloud Controller Disk Quota Enforcement
Cloud Foundry Foundation and Pivotal Cloud Foundry
- cf-release v231 and lower
- Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and 1.6.x versions prior to 1.6.18
It was discovered that Cloud Foundry does not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value to bypass enforcement and consume all the disk on DEAs/CELLs, causing a potential denial of service for other applications.
Users of affected versions should apply the following mitigation:
- Upgrade to cf-release v233 (cf-release v232 is not recommended for use)
- Upgrade Pivotal Cloud Foundry Elastic Runtime 1.5.x versions to 1.5.17 or later, or 1.6.x versions to 1.6.18 or later
2016-Mar-23: Initial vulnerability report published