CVE-2017-4970 — Cf-release vulnerability

3 documents3 sources

Severity

5.9MEDIUMNVD

EPSS

0.2%

top 54.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cloudfoundry Cf-release Cloudfoundry Staticfile Buildpack

Timeline

PublishedJun 13

Latest updateMay 13

Description

An issue was discovered in Cloud Foundry Foundation cf-release v255 and Staticfile buildpack versions v1.4.0 - v1.4.3. A regression introduced in the Static file build pack causes the Staticfile.auth configuration to be ignored when the Static file file is not present in the application root. Applications containing a Staticfile.auth file but not a Static file had their basic auth turned off when an operator upgraded the Static file build pack in the foundation to one of the vulnerable versions.…

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶NVDcloudfoundry/staticfile_buildpack4 versions+3

▶NVDcloudfoundry/cf-release255

🔴Vulnerability Details

GHSA

GHSA-xvcr-4h4q-m7m8: An issue was discovered in Cloud Foundry Foundation cf-release v255 and Staticfile buildpack versions v1↗2022-05-13

▶

CVEList

CVE-2017-4970: An issue was discovered in Cloud Foundry Foundation cf-release v255 and Staticfile buildpack versions v1↗2017-06-13

▶