CVE-2017-8036: Cloud Controller API regression | Cloud Foundry

2017-07-19 00:00:00
Cloud Foundry
www.cloudfoundry.org
EPSS

0.001 Low

Percentile

33.5%

Severity

Critical

Vendor

Cloud Foundry Foundation

Versions Affected

  • CAPI-release version 1.33.0 only

Description

The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially-crafted application.

Mitigation

Users of affected versions should apply the following mitigation or upgrade:

  • Note: The affected version of CAPI-release was not included in any cf-release.
  • Standalone component users should upgrade CAPI-release to v1.35.0 or later. [1]

Credit

This vulnerability was responsibly reported by the CAPI team.

References

History

2017-07-19: Initial vulnerability report published
