PT-2017-18082 · Cloud Foundry · Capi-Release+1

Publicado

2017-08-21

Atualizado

2019-03-22

CVE-2017-8037

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions CAPI-release versions after v1.6.0 and prior to v1.38.0 cf-release versions after v244 and prior to v270

Description The issue allows a Space Developer to gain access to files on the Cloud Controller VM for that installation, resulting in an information leak or disclosure. This can be achieved by sending a carefully crafted CAPI request.

Recommendations For CAPI-release versions after v1.6.0 and prior to v1.38.0, upgrade to version v1.38.0 or later to fix the issue. For cf-release versions after v244 and prior to v270, upgrade to version v270 or later to fix the issue.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2017-8037

Produtos afetados

Capi-Release

Cf-Release

PT-2017-18082 · Cloud Foundry · Capi-Release+1

CVE-2017-8037

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4