CVE-2017-8048Cf-release vulnerability

3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 38.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cloudfoundry Cf-releasePivotal Capi-release
Timeline
PublishedOct 4
Latest updateMay 13

Description

In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDcloudfoundry/cf-release6 versions+5
NVDpivotal/capi-release9 versions+8

🔴Vulnerability Details

2
GHSA
GHSA-9j8m-7rpr-659f: In Cloud Foundry capi-release versions 12022-05-13
CVEList
CVE-2017-8048: In Cloud Foundry capi-release versions 12017-10-03
CVE-2017-8048 — Cloudfoundry Cf-release vulnerability | cvebase