High
Cloud Foundry Foundation
The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that belongs to a different user in a different org and space.
Users of affected versions should apply the following mitigations or upgrades:
This issue was responsibly reported by the GE Digital Security Team.
2017-11-22: Initial vulnerability report published.