CVE-2016-8219 — Improper Privilege Management in Capi-release

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 53.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cloudfoundry Capi-release Cloudfoundry Cf-release

Timeline

PublishedJun 13

Latest updateMay 13

Description

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with the SpaceAuditor role is over-privileged with the ability to restage applications. This could cause application downtime if the restage fails.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDcloudfoundry/capi-release< 1.12.0

▶NVDcloudfoundry/cf-release< 250

🔴Vulnerability Details

GHSA

GHSA-w6w3-q7mh-r859: An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1↗2022-05-13

▶

CVEList

CVE-2016-8219: An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1↗2017-06-13

▶