An endpoint of the Agent running on the BOSH Director VM with stemcell versions before 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a URL matching an existing GUID.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pivotal bosh stemcell 3146.13 |
||
pivotal bosh stemcell |