PT-2017-18081 · Cloud Foundry Foundation · Capi-Release

Published: 2017-07-24 · Updated: 2022-02-09 · CVE-2017-8036

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cloud Foundry Foundation CAPI-release version 1.33.0

Description

An issue in the Cloud Controller API allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. This issue is a result of a regression introduced by the original fix for a previous problem, which was included in CAPI-release 1.33.0.

Recommendations

For Cloud Foundry Foundation CAPI-release version 1.33.0, consider disabling the affected API endpoint until a patch is available. Restrict access to the Cloud Controller VM to minimize the risk of exploitation. Avoid pushing specially crafted applications to prevent arbitrary code execution.

Fix


Related Identifiers

CVE-2017-8036

Affected Products

Capi-Release