CVE-2017-8033

Опубликовано: 25 июл. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a specially crafted application that can write arbitrary files to the Cloud Controller VM.

Ссылки

https://www.cloudfoundry.org/cve-2017-8033/
Vendor Advisory
https://www.cloudfoundry.org/cve-2017-8033/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cloudfoundry:capi-release:*:*:*:*:*:*:*:*

Версия до 1.35.0 (исключая)

cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*

Версия до 268 (исключая)

EPSS

Процентиль: 44%

0.00211

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-c8h4-2c59-gmm5