An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a URL matching an existing GUID.

Related CVEs

CVE-2016-4435

Key Information

GHSA ID

GHSA-3rx5-2rm5-fvhx

Published

May 17, 2022 12:36 AM

Last Modified

May 17, 2022 12:36 AM

CVSS Score

9.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 5, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.