In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/100448 | |
https://www.cloudfoundry.org/cve-2017-8037/ | Vendor Advisory |
http://www.securityfocus.com/bid/100448 | |
https://www.cloudfoundry.org/cve-2017-8037/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 03:33
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/100448 - | |
References | () https://www.cloudfoundry.org/cve-2017-8037/ - Vendor Advisory |
Information
Published : 2017-08-21 22:29
Updated : 2024-11-21 03:33
NVD link : CVE-2017-8037
Mitre link : CVE-2017-8037
CVE.ORG link : CVE-2017-8037
JSON object : View
Products Affected
cloudfoundry
- cf-release
- capi-release
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor