Security Risk Category
certificate-validation Security Risks
Published vulnerability pages connected to certificate-validation. One risk can appear in multiple categories while keeping one canonical page.
certificate-validation risks
Showing 2 of 2 published risks.
BOSH CLI DAV Blobstore TLS Certificate Verification Bypass Vulnerability
During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network attacker can terminate the TLS connection, harvest the Basic-auth credentials, and read the rendered-templates archive containing every bootstrap secret for the new BOSH Director, then replay the credentials against the real VM's agent for root code execution. Affected versions: bosh-cli versions prior to v7.10.4.
Updated Jul 10, 2026
Cloud Foundry UAA LDAP StartTLS Hostname Verification Bypass Vulnerability
A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP bind password and every end-user password sent during simple-bind authentication, and return forged group memberships that grant themselves admin scopes. This affects every deployment that authenticates users against LDAP over StartTLS. Affected versions: UAA versions prior to v78.13.0; Cf-deployment versions prior to v56.2.0.
Updated Jul 10, 2026
