CVE-2017-8033 — Path Traversal in Capi-release

CWE-22 — Path Traversal9 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 56.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cloudfoundry Capi-release Cloudfoundry Cf-release Pivotal Capi-release

Timeline

PublishedJul 25

Latest updateMay 13

Description

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a specially crafted application that can write arbitrary files to the Cloud Controller VM.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDcloudfoundry/capi-release< 1.35.0+1

▶NVDcloudfoundry/cf-release< 268+6

▶NVDpivotal/capi-release9 versions+8

🔴Vulnerability Details

GHSA

GHSA-c8h4-2c59-gmm5: An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1↗2022-05-13

▶

GHSA

GHSA-hp2f-4chh-4499: An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1↗2022-05-13

▶

GHSA

GHSA-9j8m-7rpr-659f: In Cloud Foundry capi-release versions 1↗2022-05-13

▶

CVEList

CVE-2017-8048: In Cloud Foundry capi-release versions 1↗2017-10-03

▶

CVEList

CVE-2017-8033: An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1↗2017-07-25

▶