PT-2017-18077 · Cloud Foundry · Cloud Foundry+1

Publicado

2017-07-10

Atualizado

2022-05-13

CVE-2017-8032

CVSS v3.1

6.6

Média

Vetor

AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cloud Foundry cf-release versions prior to v264 UAA release versions prior to v4.4.0 UAA bosh release (uaa-release) versions prior to v41

Description The issue allows zone administrators to escalate their privileges when mapping permissions for an external provider. This is due to a problem in the way permissions are handled for external providers.

Recommendations For Cloud Foundry cf-release versions prior to v264, update to version v264 or later. For UAA release versions prior to v4.4.0, update to version v4.4.0 or later. For UAA bosh release (uaa-release) versions prior to v41, update to version v41 or later.

Correção

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269

Identificadores relacionados

CVE-2017-8032

GHSA-9FRW-WMVQ-5RRC

Produtos afetados

Cloud Foundry

Uaa

PT-2017-18077 · Cloud Foundry · Cloud Foundry+1

CVE-2017-8032

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10