CVE-2017-4991
HIGHCloud Foundry Foundation cf-release <v260 - Privilege Escalation
Title source: llmDescription
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, and other versions prior to v3.17.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.14, 24.x versions prior to v24.9, 30.x versions prior to 30.2, and other versions prior to v36. Privileged users in one zone are allowed to perform a password reset for users in a different zone.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/cve-2017-4991/
Scores
CVSS v3
7.2
EPSS
0.0094
EPSS Percentile
56.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (50)
cloudfoundry/cf-release
< 259
cloudfoundry/cloud_foundry_uaa_bosh
13.1
cloudfoundry/cloud_foundry_uaa_bosh
13.2
cloudfoundry/cloud_foundry_uaa_bosh
13.3
cloudfoundry/cloud_foundry_uaa_bosh
13.4
cloudfoundry/cloud_foundry_uaa_bosh
13.5
cloudfoundry/cloud_foundry_uaa_bosh
13.6
cloudfoundry/cloud_foundry_uaa_bosh
13.7
cloudfoundry/cloud_foundry_uaa_bosh
13.8
cloudfoundry/cloud_foundry_uaa_bosh
13.9
... and 40 more
Published
Jun 13, 2017
Tracked Since
Feb 18, 2026