CVE-2017-4969: Bug in CC allows users to exceed quotas


CVE-2017-4969: Bug in CC allows users to exceed quotas

Severity

High

Vendor

Cloud Foundry Foundation

Versions Affected

  • cf-release versions prior to v255

Description

The Cloud Foundry Cloud Controller allows authenticated developer users to exceed memory and disk quotas for tasks.

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

  • Upgrade to Cloud Foundry v255 [1] or later

Credit

This issue was responsibly reported by the Cloud Foundry CAPI Team.

References

History

2017-04-13: Initial vulnerability report published