
exploitDog

CVE-2017-14389

Published: 28 Nov 2017
Source: nvd
CVSS3: 6.5
CVSS2: 4
EPSS: Low

Description

An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that belongs to a different user in a different org and space, aka an "Application Subdomain Takeover."

References

Vulnerable configurations

Configuration 1

Any of

cpe:2.3:a:cloudfoundry:capi-release:*:*:*:*:*:*:*:*
Versions before 1.45.0 (exclusive)
cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*
Versions before 1.0.0 (exclusive)
cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*
Versions before 280 (exclusive)

EPSS

Percentile: 40%
0.00183
Low

6.5 Medium

CVSS3

4 Medium

CVSS2

Weaknesses

NVD-CWE-noinfo

Related vulnerabilities

CVSS3: 6.5
github
more than 3 years ago

An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that belongs to a different user in a different org and space, aka an "Application Subdomain Takeover."
