CVE-2016-2169 — Capi-release vulnerability

CWE-173 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 53.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cloudfoundry Capi-release Cloudfoundry Cf-release Cloud Foundry Cloud Controller

Timeline

PublishedApr 18

Latest updateMay 14

Description

Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for the service.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶NVDcloudfoundry/capi-release< 1.0.0

▶NVDcloudfoundry/cf-release< 237

▶CVEListV5cloud_foundry/cloud_controllercapi-release prior to 1.0.0, cf-release prior to v237

🔴Vulnerability Details

GHSA

GHSA-x468-qcc8-c34f: Cloud Foundry Cloud Controller, capi-release versions prior to 1↗2022-05-14

▶

CVEList

CVE-2016-2169: Cloud Foundry Cloud Controller, capi-release versions prior to 1↗2018-04-18

▶