Cloud_foundry Bosh
5 CVEs affecting Cloud_foundry Bosh. Latest disclosed: 2026-05-27. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-4961 | High | 8.8 | 2017-06-13 | An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Direct… |
CVE-2018-11083 | High | 8.1 | 2018-10-05 | Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and v267 prior to v267.2.0, allows refresh tokens to… |
CVE-2019-11271 | High | 7.8 | 2019-06-19 | Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Director that does not properly redact credentials when configured to use a MySQL database… |
CVE-2026-41009 | Medium | 5.8 | 2026-05-27 | When the director sends a long-running request (e.g. compile_package), the agent's reply JSON is consumed by AgentClient. inject_compile_log (line 332-339) rea… |
CVE-2026-41704 | Medium | 5.0 | 2026-05-27 | AgentClient#handle_method (lines 264-303) processes every NATS reply. It calls inject_compile_log (line 273) on every response, which reads response['value']['… |