Code injection

2017-11-2807:29:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.1%

JSON

An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that belongs to a different user in a different org and space, aka an “Application Subdomain Takeover.”

CPENameOperatorVersion
capi-releaselt1.45.0
cf-deploymentlt1.0.0
cf-releaselt280

Name	Operator	Version
capi-release	lt	1.45.0
cf-deployment	lt	1.0.0
cf-release	lt	280

References

www.cloudfoundry.org/cve-2017-14389/