CVE-2017-8035

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2017-8035
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
https://www.cloudfoundry.org/cve-2017-8035/ Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cloudfoundry:capi-release:*:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*
History

09 Feb 2022, 19:25

Type Values Removed Values Added
CPE cpe:2.3:a:cloudfoundary:cf-release:266:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:cf-release:264:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.33.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:cf-release:245:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:cf-release:261:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:cf-release:267:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:cf-release:258:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.11.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:cf-release:250:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.27.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:cf-release:263:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.34.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:cf-release:259:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:cf-release:253:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:cf-release:255:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:cf-release:254:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:cf-release:257:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.22.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:cf-release:246:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:cf-release:262:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:cf-release:247:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:cf-release:248:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.31.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.28.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.19.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:cf-release:251:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:cf-release:260:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.23.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:cf-release:256:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.32.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.25.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.14.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.17.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.21.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.24.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.20.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.10.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.18.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.12.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.16.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:cf-release:249:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.26.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:cf-release:265:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:cf-release:252:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.13.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.29.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.30.0:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundary:capi-release:1.15.0:*:*:*:*:*:*:*		 cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:capi-release:*:*:*:*:*:*:*:*
References (CONFIRM) https://www.cloudfoundry.org/cve-2017-8035/ - Patch, Vendor Advisory (CONFIRM) https://www.cloudfoundry.org/cve-2017-8035/ - Vendor Advisory
Information

Published : 2017-07-25 04:29

Updated : 2024-02-04 19:29

NVD link : CVE-2017-8035

Mitre link : CVE-2017-8035

CVE.ORG link : CVE-2017-8035

JSON object : View

Products Affected

cloudfoundry

  • cf-release
  • capi-release
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor