Lucene search
GoogleOSV:CVE-2017-8034HistoryJul 17, 2017 - 2:29 p.m.
CVE-2017-8034
2017-07-1714:29:01
Google
osv.dev
2
The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations, zone administrators are able to escalate their privileges.
| CPE | Name | Operator | Version |
|---|---|---|---|
| cf-release | eq | 198 | |
| cf-release | eq | 0.121.0 | |
| cf-release | eq | 0.137.0 | |
| cf-release | eq | 266 | |
| cf-release | eq | 91 | |
| cf-release | eq | 112 | |
| cf-release | eq | rc145.0 | |
| cf-release | eq | 228 | |
| cf-release | eq | 120 | |
| cf-release | eq | 121 |
References
Related
cve
cve
CVE-2017-8034
2017-07-17 14:29:01
nvd
nvd
CVE-2017-8034
2017-07-17 14:29:01
cvelist
cvelist
CVE-2017-8034
2017-07-17 14:00:00
cloudfoundry
cloudfoundry
prion
prion
Code injection
2017-07-17 14:29:00