PT-2017-18082 · Cloud Foundry · Capi-Release+1

Published

2017-08-21

Updated

2019-03-22

CVE-2017-8037

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions CAPI-release versions after v1.6.0 and prior to v1.38.0 cf-release versions after v244 and prior to v270

Description The issue allows a Space Developer to gain access to files on the Cloud Controller VM for that installation, resulting in an information leak or disclosure. This can be achieved by sending a carefully crafted CAPI request.

Recommendations For CAPI-release versions after v1.6.0 and prior to v1.38.0, upgrade to version v1.38.0 or later to fix the issue. For cf-release versions after v244 and prior to v270, upgrade to version v270 or later to fix the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-8037

Affected Products

Capi-Release

Cf-Release

PT-2017-18082 · Cloud Foundry · Capi-Release+1

CVE-2017-8037

Weakness Enumeration

Related Identifiers

Affected Products

References · 4