Cloud Foundry Cloud Controller, versions before 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants the user write permissions to the bit-service.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cloudfoundry capi-release |