CVE-2017-14388
HIGHCloud Foundry Foundation GrootFS <0.30.0 - Code Injection
Title source: llmDescription
Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 do not validate DiffIDs, allowing specially crafted images to poison the grootfs volume cache. For example, this could allow an attacker to provide an image layer that GrootFS would consider to be the Ubuntu base layer.
References (1)
Core 1
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/cve-2017-14388/
Scores
CVSS v3
7.8
EPSS
0.0073
EPSS Percentile
49.9%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (28)
n/a/GrootFS release GrootFS release 0.3.x versions prior to 0.30.0
GrootFS release GrootFS release 0.3.x versions prior to 0.30.0
pivotal_software/grootfs
0.3.0
pivotal_software/grootfs
0.4.0
pivotal_software/grootfs
0.5.0
pivotal_software/grootfs
0.6.0
pivotal_software/grootfs
0.7.0
pivotal_software/grootfs
0.8.0
pivotal_software/grootfs
0.9.0
pivotal_software/grootfs
0.10.0
pivotal_software/grootfs
0.11.0
... and 18 more
Published
Nov 13, 2017
Tracked Since
Feb 18, 2026