PT-2017-18080 · Cloud Foundry Foundation · Capi-Release+1

Published

2017-07-25

Updated

2022-02-09

CVE-2017-8035

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 Cloud Foundry Foundation cf-release versions after v244 and prior to v268

Description An issue in the Cloud Controller API allows a Space Developer to gain access to files on the Cloud Controller VM with a carefully crafted request.

Recommendations For Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0, update to version v1.35.0 or later to resolve the issue. For Cloud Foundry Foundation cf-release versions after v244 and prior to v268, update to version v268 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-8035

Affected Products

Capi-Release

Cf-Release

PT-2017-18080 · Cloud Foundry Foundation · Capi-Release+1

CVE-2017-8035

Weakness Enumeration

Related Identifiers

Affected Products

References · 3