Critical
Cloud Foundry Foundation
This CVE is for an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE.
A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation.
Users of affected versions should apply the following mitigation or upgrade:
This vulnerability was responsibly reported by the GE Digital Security Team.
2017-08-07: Initial vulnerability report published