cvedb.io
CVE-2019-3786
HIGH · CVSS 7.1
EPSS exploitation probability: 0%
Published 2019-04-24T16:29:01.920 · Last modified 2026-06-17T02:35:35.603

Summary

Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of a BOSH Backup and Restore job to request extra backup files from different jobs upon restore. The exploited hooks in this metadata script were only maintained in the cfcr-etcd-release, so clusters deployed with the BBR job for etcd in this release are vulnerable.

Affected products

cloudfoundry — bosh_backup_and_restore

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.