CVE-2017-8032
MEDIUMCloud Foundry UAA < v4.4.0 - Privilege Escalation via External Provider Permission Mapping
Title source: llmDescription
In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.17, 24.x versions prior to v24.12. 30.x versions prior to 30.5, and other versions prior to v41, zone administrators are allowed to escalate their privileges when mapping permissions for an external provider.
References (1)
Core 1
Core References
Mitigation, Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/cve-2017-8032/
Scores
CVSS v3
6.6
EPSS
0.0088
EPSS Percentile
54.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (50)
cloudfoundry/cloud_foundry_uaa_bosh
13.1
cloudfoundry/cloud_foundry_uaa_bosh
13.2
cloudfoundry/cloud_foundry_uaa_bosh
13.3
cloudfoundry/cloud_foundry_uaa_bosh
13.4
cloudfoundry/cloud_foundry_uaa_bosh
13.5
cloudfoundry/cloud_foundry_uaa_bosh
13.6
cloudfoundry/cloud_foundry_uaa_bosh
13.7
cloudfoundry/cloud_foundry_uaa_bosh
13.8
cloudfoundry/cloud_foundry_uaa_bosh
13.9
cloudfoundry/cloud_foundry_uaa_bosh
13.10
... and 40 more
Published
Jul 10, 2017
Tracked Since
Feb 18, 2026