Cloud Foundry NFS Volume Service, 1.7.x versions before 1.7.11 and 2.x versions before 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny service or perform a dictionary attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cloudfoundry cf-deployment |
||
cloudfoundry nfs volume release |