CVE-2017-8037
HIGHCloud Foundry CAPI-release v1.6.0-v1.38.0 and cf-release v244-v270 - Information Disclosure via Crafted CAPI Request
Title source: llmDescription
In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/cve-2017-8037/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100448
Scores
CVSS v3
7.5
EPSS
0.0141
EPSS Percentile
69.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (50)
cloudfoundry/capi-release
1.7.0
cloudfoundry/capi-release
1.8.0
cloudfoundry/capi-release
1.9.0
cloudfoundry/capi-release
1.10.0
cloudfoundry/capi-release
1.11.0
cloudfoundry/capi-release
1.12.0
cloudfoundry/capi-release
1.13.0
cloudfoundry/capi-release
1.14.0
cloudfoundry/capi-release
1.15.0
cloudfoundry/capi-release
1.16.0
... and 40 more
Published
Aug 21, 2017
Tracked Since
Feb 18, 2026