Critical
Cloud Foundry Foundation
A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation.
Users of affected versions should apply the following mitigation or upgrade:
This vulnerability was responsibly reported by the GE Digital Security Team.
2017-07-19: Initial vulnerability report published
2017-07-19: Update vulnerable CAPI and cf versions