CVE-2017-4992
CRITICALCloud Foundry Foundation cf-release <v261 - Privilege Escalation
Title source: llmDescription
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.15, 24.x versions prior to v24.10, 30.x versions prior to 30.3, and other versions prior to v37. There is privilege escalation (arbitrary password reset) with user invitations.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/cve-2017-4992/
Scores
CVSS v3
9.8
EPSS
0.0117
EPSS Percentile
63.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (50)
cloudfoundry/cf-release
< 260
cloudfoundry/cloud_foundry_uaa_bosh
13.1
cloudfoundry/cloud_foundry_uaa_bosh
13.2
cloudfoundry/cloud_foundry_uaa_bosh
13.3
cloudfoundry/cloud_foundry_uaa_bosh
13.4
cloudfoundry/cloud_foundry_uaa_bosh
13.5
cloudfoundry/cloud_foundry_uaa_bosh
13.6
cloudfoundry/cloud_foundry_uaa_bosh
13.7
cloudfoundry/cloud_foundry_uaa_bosh
13.8
cloudfoundry/cloud_foundry_uaa_bosh
13.9
... and 40 more
Published
Jun 13, 2017
Tracked Since
Feb 18, 2026