CVE-2018-1231: BOSH CLI does not restrict access to configuration file
Severity
Medium
References
Affected VMware Products and Versions
Severity is medium unless otherwise noted.
- Pivotal Operations Manager
- 2.0.x versions prior to 2.0.9
- 1.12.x versions prior to 1.12.16
Mitigation
Users of affected versions should apply the following mitigation:
- The Cloud Foundry team recommends upgrading BOSH stemcells and/or other OSS components listed here if applicable.
- Releases that have fixed this issue include:
- Pivotal Operations Manager: 2.1.0, 2.0.9, 1.12.16