CVE-2017-8037

Опубликовано: 21 авг. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure.

Ссылки

http://www.securityfocus.com/bid/100448
https://www.cloudfoundry.org/cve-2017-8037/
Vendor Advisory
http://www.securityfocus.com/bid/100448
https://www.cloudfoundry.org/cve-2017-8037/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cloudfoundry:capi-release:1.7.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.8.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.9.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.10.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.11.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.12.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.13.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.14.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.15.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.16.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.17.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.18.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.19.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.20.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.21.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.22.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.23.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.24.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.25.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.26.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.27.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.28.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.29.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.30.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.31.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.32.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.33.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.34.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.35.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.36.0:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:capi-release:1.37.0:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:cloudfoundry:cf-release:245:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cf-release:246:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cf-release:247:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cf-release:248:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cf-release:249:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cf-release:250:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cf-release:251:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cf-release:252:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cf-release:253:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cf-release:254:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cf-release:255:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cf-release:256:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cf-release:257:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cf-release:258:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cf-release:259:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cf-release:260:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cf-release:261:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cf-release:262:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cf-release:263:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cf-release:264:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cf-release:265:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cf-release:266:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cf-release:267:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cf-release:268:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cf-release:269:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00381

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-9235-9qc9-8p4j