CVE-2017-8036: Cloud Controller API regression

Severity

Critical

Vendor

Cloud Foundry Foundation

Versions Affected

CAPI-release version 1.33.0 only

Description

The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially-crafted application.

Mitigation

Users of affected versions should apply the following mitigation or upgrade:

Note: The affected version of CAPI-release was not included in any cf-release.
Standalone component users should upgrade CAPI-release to v1.35.0 or later. [1]

Credit

This vulnerability was responsibly reported by the CAPI team.

References

[1] https://github.com/cloudfoundry/capi-release/releases

History

2017-07-19: Initial vulnerability report published

CVE-2017-8036: Cloud Controller API regression

CVE-2017-8036: Cloud Controller API regression

Severity

Vendor

Versions Affected

Description

Mitigation

Credit

References

History

You Might Also Like

USN-3815-1: gettext vulnerability

USN-3067-1: HarfBuzz vulnerabilities

CVE-2021-22101: Cloud Controller is vulnerable to unauthenticated denial of service

Sign up for the Cloud Foundry Newsletter today!

Sign up for the
Cloud Foundry Newsletter today!