Vulnerabilities > CVE-2017-8048

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

cloudfoundry

pivotal

NVD

Published: 2017-10-04

Updated: 2021-08-10

Summary

In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275.

Vulnerable Configurations

Part	Description	Count
Application	Cloudfoundry Cloudfoundry CF Release 269 Cloudfoundry CF Release 268 Cloudfoundry CF Release 270 Cloudfoundry CF Release 271 Cloudfoundry CF Release 272 Cloudfoundry CF Release 273	6
Application	Pivotal Pivotal Capi Release 1.41.0 Pivotal Capi Release 1.40.0 Pivotal Capi Release 1.39.0 Pivotal Capi Release 1.38.0 Pivotal Capi Release 1.37.0 Pivotal Capi Release 1.36.0 Pivotal Capi Release 1.35.0 Pivotal Capi Release 1.34.0 Pivotal Capi Release 1.33.0	9

References

https://www.cloudfoundry.org/cve-2017-8048/

Vulnerabilities > CVE-2017-8048 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2017-8048"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2017-8048