Bosh Cli
Monthly
Argument injection in bosh-cli versions before v7.10.4 lets a compromised or malicious BOSH Director inject arbitrary OpenSSH command-line options into the ssh process that the CLI spawns locally, achieving code execution on the operator's own workstation. It triggers during non-interactive SSH paths such as bosh ssh -c, bosh logs -f, and similar flows where the CLI builds an ssh command from Director-supplied data. No public exploit is identified at time of analysis, and it is not listed in CISA KEV; the CVSS 4.0 base score is 7.7 (High).
Man-in-the-middle credential theft and root code execution affects the BOSH CLI (bosh-cli) prior to v7.10.4, which fails to verify the DAV blobstore server certificate during 'bosh create-env' and 'bosh delete-env' even though a valid CA certificate is present in the installation manifest. An adjacent network attacker who can intercept the operator's HTTPS upload can harvest Basic-auth credentials and the rendered-templates archive holding every bootstrap secret for the new BOSH Director, then replay those credentials against the target VM's agent to gain root code execution. There is no public exploit identified at time of analysis, but the vendor-rated CVSS 4.0 score of 8.9 reflects the high impact of a full Director compromise.
Arbitrary command execution on operator workstations in Cloud Foundry BOSH CLI before 7.10.5 allows a compromised or malicious BOSH Director to inject and run shell commands locally when an operator invokes bosh ssh, bosh scp, or bosh logs -f with default flags. Because the CLI trusts director-supplied data and passes it into a shell, a controlled director turns a routine operator action into local code execution on the trusted management host. No public exploit identified at time of analysis; not listed in CISA KEV, though the reference blog by Cloud Foundry (originally reported by VMware) confirms the flaw and a fixed release.
Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Argument injection in bosh-cli versions before v7.10.4 lets a compromised or malicious BOSH Director inject arbitrary OpenSSH command-line options into the ssh process that the CLI spawns locally, achieving code execution on the operator's own workstation. It triggers during non-interactive SSH paths such as bosh ssh -c, bosh logs -f, and similar flows where the CLI builds an ssh command from Director-supplied data. No public exploit is identified at time of analysis, and it is not listed in CISA KEV; the CVSS 4.0 base score is 7.7 (High).
Man-in-the-middle credential theft and root code execution affects the BOSH CLI (bosh-cli) prior to v7.10.4, which fails to verify the DAV blobstore server certificate during 'bosh create-env' and 'bosh delete-env' even though a valid CA certificate is present in the installation manifest. An adjacent network attacker who can intercept the operator's HTTPS upload can harvest Basic-auth credentials and the rendered-templates archive holding every bootstrap secret for the new BOSH Director, then replay those credentials against the target VM's agent to gain root code execution. There is no public exploit identified at time of analysis, but the vendor-rated CVSS 4.0 score of 8.9 reflects the high impact of a full Director compromise.
Arbitrary command execution on operator workstations in Cloud Foundry BOSH CLI before 7.10.5 allows a compromised or malicious BOSH Director to inject and run shell commands locally when an operator invokes bosh ssh, bosh scp, or bosh logs -f with default flags. Because the CLI trusts director-supplied data and passes it into a shell, a controlled director turns a routine operator action into local code execution on the trusted management host. No public exploit identified at time of analysis; not listed in CISA KEV, though the reference blog by Cloud Foundry (originally reported by VMware) confirms the flaw and a fixed release.
Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.