fkie_cve-2017-8037
Vulnerability from fkie_nvd
Published: 2017-08-21 22:29
Modified: 2024-11-21 03:33
Summary
In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure.
Impacted products
Vendor Product Version
cloudfoundry capi-release 1.7.0
cloudfoundry capi-release 1.8.0
cloudfoundry capi-release 1.9.0
cloudfoundry capi-release 1.10.0
cloudfoundry capi-release 1.11.0
cloudfoundry capi-release 1.12.0
cloudfoundry capi-release 1.13.0
cloudfoundry capi-release 1.14.0
cloudfoundry capi-release 1.15.0
cloudfoundry capi-release 1.16.0
cloudfoundry capi-release 1.17.0
cloudfoundry capi-release 1.18.0
cloudfoundry capi-release 1.19.0
cloudfoundry capi-release 1.20.0
cloudfoundry capi-release 1.21.0
cloudfoundry capi-release 1.22.0
cloudfoundry capi-release 1.23.0
cloudfoundry capi-release 1.24.0
cloudfoundry capi-release 1.25.0
cloudfoundry capi-release 1.26.0
cloudfoundry capi-release 1.27.0
cloudfoundry capi-release 1.28.0
cloudfoundry capi-release 1.29.0
cloudfoundry capi-release 1.30.0
cloudfoundry capi-release 1.31.0
cloudfoundry capi-release 1.32.0
cloudfoundry capi-release 1.33.0
cloudfoundry capi-release 1.34.0
cloudfoundry capi-release 1.35.0
cloudfoundry capi-release 1.36.0
cloudfoundry capi-release 1.37.0
cloudfoundry cf-release 245
cloudfoundry cf-release 246
cloudfoundry cf-release 247
cloudfoundry cf-release 248
cloudfoundry cf-release 249
cloudfoundry cf-release 250
cloudfoundry cf-release 251
cloudfoundry cf-release 252
cloudfoundry cf-release 253
cloudfoundry cf-release 254
cloudfoundry cf-release 255
cloudfoundry cf-release 256
cloudfoundry cf-release 257
cloudfoundry cf-release 258
cloudfoundry cf-release 259
cloudfoundry cf-release 260
cloudfoundry cf-release 261
cloudfoundry cf-release 262
cloudfoundry cf-release 263
cloudfoundry cf-release 264
cloudfoundry cf-release 265
cloudfoundry cf-release 266
cloudfoundry cf-release 267
cloudfoundry cf-release 268
cloudfoundry cf-release 269



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F260594E-4032-406D-8B84-3E91400F86FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2D9350E-0AA5-4D9A-A41A-855B40E440D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A66A9C0A-9B42-4B7E-A4B7-F06601B67FB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "207F6A29-0A37-4CDD-8DB2-E6CD89204013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3803207-D7A0-47E0-A357-314C245C5C13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "039156DB-D2DC-4AD5-9ACE-52095FE688BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7343B84E-3255-4BB4-A988-03BC9DC8D7E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EB53101-EC12-49DE-8C3C-3B373C4FA1E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15625A3E-61A4-4F7E-BFEC-7ED830AE41C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38B7D6B1-2CB1-4FB1-BC63-3104391D2742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D9D5D4-14E4-404A-B88E-78C8A37CB9B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C56907A-3233-435F-933B-8E3ED4965BC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A33E86E4-BD1C-4D03-9AF4-7A86B0B5BCE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C409657C-0C4D-4873-B707-38AC618035CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.21.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "41CD5C38-E188-41DB-A811-27438525FDAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E3EC8F2-3520-4952-9541-3C56F6D131BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1671324-93EB-4409-9BA5-0D2D847C6A85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "45AC669D-3AED-48C2-ADA2-D1EE235FA793",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8970738B-E240-4C3E-A8F6-57FB66976B6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.26.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00406C75-1032-49A3-9C4E-AC41F46CA778",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.27.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D464CFBC-5AEF-4B65-8616-8E31E8C856D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.28.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE0978C-1BEC-4FCE-A625-0FF196B3E6C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.29.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B258E3E-2291-4180-9735-71EE2874250B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.30.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D416F421-66EB-4A80-BC1A-B99AE3F7E126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.31.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D8DA9C5-C65C-467B-AD90-8B84E8EF9397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.32.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D7F5A30-36EF-4F1D-B712-4F482F757CEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.33.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8D55D28-676E-42C4-90A5-C9CE306D42C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.34.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "76369246-BE4B-4FAC-855B-8590C5C8DFBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.35.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F684CB9F-8079-452A-9F27-8F964C636AD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.36.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "772569FD-E641-42EB-A694-64EC4E7437E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.37.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "35A5003C-2FB9-4FA3-AC7E-038CD573A23C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:245:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA6A56C-E0FE-4CB1-BE86-4C1E80D97265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:246:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAF4D7D1-4C35-4F76-816D-3F2407804E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:247:*:*:*:*:*:*:*",
              "matchCriteriaId": "D852D5F4-DDB4-4C76-88B6-EB49E21FEDC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:248:*:*:*:*:*:*:*",
              "matchCriteriaId": "B35C30C1-E2B9-4590-8765-1E0DA735E026",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:249:*:*:*:*:*:*:*",
              "matchCriteriaId": "3680FAA7-9B57-4A9A-BD20-68821A7D4FE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:250:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9F9A19A-9E31-4E4A-869C-9C13163A06C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:251:*:*:*:*:*:*:*",
              "matchCriteriaId": "F08095E9-1BA9-438F-B776-D75F419E682E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:252:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAE29D36-9A2E-4D87-8C0C-D8FC1034B027",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:253:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E227D42-19CA-45DD-AAC1-8D31537B5BFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:254:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC145421-17F6-438B-9C3F-8DED72F3B5B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:255:*:*:*:*:*:*:*",
              "matchCriteriaId": "5046C2CB-99C6-4243-B830-B3957910F1AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:256:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A07B320-7DC3-4E7B-8997-6606F8FCBEBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:257:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F7777A5-9136-49E4-9A6F-3C9A6687DAA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:258:*:*:*:*:*:*:*",
              "matchCriteriaId": "88C90B83-9597-427C-A941-06F0C5A8C3DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:259:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D92B65-E45A-42EE-B0B9-AD69E1881E2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:260:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98BAE4B-184F-49A4-89E1-4F270CC7FEC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:261:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7E78B11-B3E9-4D62-8F17-F2575D7F9181",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:262:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB5EF186-0D05-497D-A66C-142ED0DFA973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:263:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A262620-E71A-44C7-A1F4-BEEDF107BC2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:264:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9D721F9-227C-4F1D-9010-D1920F692228",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:265:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AE4BA55-963C-4EB1-AD85-344AAE107A82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:266:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E5827B3-143F-408B-A0C7-005079BD9215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:267:*:*:*:*:*:*:*",
              "matchCriteriaId": "762BE4A1-931B-4C44-94C8-F5DC894CFD1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:268:*:*:*:*:*:*:*",
              "matchCriteriaId": "735E1016-97F0-4286-955F-6017A2F8AD79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:269:*:*:*:*:*:*:*",
              "matchCriteriaId": "F021AB15-30F0-46DE-B613-11E3D4C9FD50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure."
    },
    {
      "lang": "es",
      "value": "En Cloud Foundry Foundation CAPI-release en versiones posteriores a la v1.6.0 y anteriores a la v1.38.0 y cf-release en versiones posteriores a la v244 y anteriores a la v270 hay una soluci\u00f3n incompleta para CVE-2017-8035. Si ha emprendido acciones para solucionar CVE-2017-8035, tambi\u00e9n deber\u00eda actualizar para solucionar este CVE. Una petici\u00f3n CAPI especialmente manipulada desde un Space Developer puede permitir que atacantes obtengan acceso al Cloud Controller VM para tal instalaci\u00f3n. Esto tambi\u00e9n se conoce como (Fuga/Divulgaci\u00f3n de Informaci\u00f3n)."
    }
  ],
  "id": "CVE-2017-8037",
  "lastModified": "2024-11-21T03:33:11.857",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-21T22:29:00.183",
  "references": [
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securityfocus.com/bid/100448"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.cloudfoundry.org/cve-2017-8037/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/100448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.cloudfoundry.org/cve-2017-8037/"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

