CVE-2016-0761 : Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x

Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host.

Published 2017-05-25 17:29:00

Updated 2021-08-25 21:14:15

Source Dell

View at NVD, CVE.org

Products affected by CVE-2016-0761

Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.4
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.5
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.6
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.7
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.1
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.3
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.8
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.10
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.12
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.13
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.14
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.15
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.0
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.2
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.9
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.11
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.16
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.16:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » Garden Linux
Versions up to, including, (<=) 0.332.0
cpe:2.3:a:cloudfoundry:garden_linux:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-0761

EPSS FAQ

0.55%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 65 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-0761

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-0761

CWE-19

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-0761

https://pivotal.io/security/cve-2016-0761

CVE-2016-0761 Docker Image Host Files Corruption | Security | Pivotal
Vendor Advisory

Jump to

Vulnerability Details : CVE-2016-0761

Products affected by CVE-2016-0761

Exploit prediction scoring system (EPSS) score for CVE-2016-0761

CVSS scores for CVE-2016-0761

CWE ids for CVE-2016-0761

References for CVE-2016-0761