Lucene search

[email protected]CVE-2017-8037

HistoryAug 21, 2017 - 10:29 p.m.

CVE-2017-8037

2017-08-2122:29:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2017-8037

cloud foundry

capi-release

information leak

disclosure

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.1%

JSON

In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure.

Affected configurations

NVD

Node

cloudfoundrycapi-releaseMatch1.7.0

cloudfoundrycapi-releaseMatch1.8.0

cloudfoundrycapi-releaseMatch1.9.0

cloudfoundrycapi-releaseMatch1.10.0

cloudfoundrycapi-releaseMatch1.11.0

cloudfoundrycapi-releaseMatch1.12.0

cloudfoundrycapi-releaseMatch1.13.0

cloudfoundrycapi-releaseMatch1.14.0

cloudfoundrycapi-releaseMatch1.15.0

cloudfoundrycapi-releaseMatch1.16.0

cloudfoundrycapi-releaseMatch1.17.0

cloudfoundrycapi-releaseMatch1.18.0

cloudfoundrycapi-releaseMatch1.19.0

cloudfoundrycapi-releaseMatch1.20.0

cloudfoundrycapi-releaseMatch1.21.0

cloudfoundrycapi-releaseMatch1.22.0

cloudfoundrycapi-releaseMatch1.23.0

cloudfoundrycapi-releaseMatch1.24.0

cloudfoundrycapi-releaseMatch1.25.0

cloudfoundrycapi-releaseMatch1.26.0

cloudfoundrycapi-releaseMatch1.27.0

cloudfoundrycapi-releaseMatch1.28.0

cloudfoundrycapi-releaseMatch1.29.0

cloudfoundrycapi-releaseMatch1.30.0

cloudfoundrycapi-releaseMatch1.31.0

cloudfoundrycapi-releaseMatch1.32.0

cloudfoundrycapi-releaseMatch1.33.0

cloudfoundrycapi-releaseMatch1.34.0

cloudfoundrycapi-releaseMatch1.35.0

cloudfoundrycapi-releaseMatch1.36.0

cloudfoundrycapi-releaseMatch1.37.0

Node

cloudfoundrycf-releaseMatch245

cloudfoundrycf-releaseMatch246

cloudfoundrycf-releaseMatch247

cloudfoundrycf-releaseMatch248

cloudfoundrycf-releaseMatch249

cloudfoundrycf-releaseMatch250

cloudfoundrycf-releaseMatch251

cloudfoundrycf-releaseMatch252

cloudfoundrycf-releaseMatch253

cloudfoundrycf-releaseMatch254

cloudfoundrycf-releaseMatch255

cloudfoundrycf-releaseMatch256

cloudfoundrycf-releaseMatch257

cloudfoundrycf-releaseMatch258

cloudfoundrycf-releaseMatch259

cloudfoundrycf-releaseMatch260

cloudfoundrycf-releaseMatch261

cloudfoundrycf-releaseMatch262

cloudfoundrycf-releaseMatch263

cloudfoundrycf-releaseMatch264

cloudfoundrycf-releaseMatch265

cloudfoundrycf-releaseMatch266

cloudfoundrycf-releaseMatch267

cloudfoundrycf-releaseMatch268

cloudfoundrycf-releaseMatch269

CPENameOperatorVersion
cloudfoundry:capi-releasecloudfoundry capi-releaseeq1.7.0
cloudfoundry:capi-releasecloudfoundry capi-releaseeq1.8.0
cloudfoundry:capi-releasecloudfoundry capi-releaseeq1.9.0
cloudfoundry:capi-releasecloudfoundry capi-releaseeq1.10.0
cloudfoundry:capi-releasecloudfoundry capi-releaseeq1.11.0
cloudfoundry:capi-releasecloudfoundry capi-releaseeq1.12.0
cloudfoundry:capi-releasecloudfoundry capi-releaseeq1.13.0
cloudfoundry:capi-releasecloudfoundry capi-releaseeq1.14.0
cloudfoundry:capi-releasecloudfoundry capi-releaseeq1.15.0
cloudfoundry:capi-releasecloudfoundry capi-releaseeq1.16.0

CPE	Name	Operator	Version
cloudfoundry:capi-release	cloudfoundry capi-release	eq	1.7.0
cloudfoundry:capi-release	cloudfoundry capi-release	eq	1.8.0
cloudfoundry:capi-release	cloudfoundry capi-release	eq	1.9.0
cloudfoundry:capi-release	cloudfoundry capi-release	eq	1.10.0
cloudfoundry:capi-release	cloudfoundry capi-release	eq	1.11.0
cloudfoundry:capi-release	cloudfoundry capi-release	eq	1.12.0
cloudfoundry:capi-release	cloudfoundry capi-release	eq	1.13.0
cloudfoundry:capi-release	cloudfoundry capi-release	eq	1.14.0
cloudfoundry:capi-release	cloudfoundry capi-release	eq	1.15.0
cloudfoundry:capi-release	cloudfoundry capi-release	eq	1.16.0

Rows per page:

1-10 of 311

CNA Affected

[
  {
    "product": "Cloud Foundry",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cloud Foundry"
      }
    ]
  }
]

References

www.securityfocus.com/bid/100448

www.cloudfoundry.org/cve-2017-8037/

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.1%

JSON

Related for CVE-2017-8037

cloudfoundry2 prion2 cvelist2 osv2 nvd2 cve1