CVE-2017-8035
Published 2017-07-25
Priority P3 · 42 · high · CVSS 3.1: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.39% (68.9th percentile)
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation.
Affected
58 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cloudfoundry | capi-release | — | — |
CVSS provenance
nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
GHSA
GHSA-9235-9qc9-8p4j: CVE-2017-8037 [HIGH] CWE-200
ghsa_unreviewed · 2022-05-14 · CVSS 7.5
In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure.
GHSA
GHSA-5hx9-w49q-v9p8: CVE-2017-8035 [HIGH] CWE-200
ghsa_unreviewed · 2022-05-13
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2017-07-25