Skip to main content

Bpm Release

1 CVEs product

Monthly

CVE-2026-47833 MEDIUM PATCH This Month

Symlink-following in Cloud Foundry bpm-release's setupBpmLogs function enables a container-to-host confidentiality breach, allowing a compromised low-privileged process inside a bpm container to manipulate root into chowning an arbitrary host file - including /etc/shadow - to the vcap user. All bpm-release versions prior to v1.4.30 are affected. Once ownership of /etc/shadow is taken, the attacker reads every host password hash via bpm's existing read-only /etc bind mount, effectively breaking the container boundary without requiring any user interaction. No public exploit or CISA KEV listing has been identified at time of analysis, though the low attack complexity and clear exploitation path make this a credible near-term risk.

Privilege Escalation Bpm Release
NVD
CVSS 4.0
6.9
EPSS
0.1%
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Symlink-following in Cloud Foundry bpm-release's setupBpmLogs function enables a container-to-host confidentiality breach, allowing a compromised low-privileged process inside a bpm container to manipulate root into chowning an arbitrary host file - including /etc/shadow - to the vcap user. All bpm-release versions prior to v1.4.30 are affected. Once ownership of /etc/shadow is taken, the attacker reads every host password hash via bpm's existing read-only /etc bind mount, effectively breaking the container boundary without requiring any user interaction. No public exploit or CISA KEV listing has been identified at time of analysis, though the low attack complexity and clear exploitation path make this a credible near-term risk.

Privilege Escalation Bpm Release
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy