CVE-2017-8037

{"id": "CVE-2017-8037", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-08-21T22:29:00.183", "references": [{"url": "http://www.securityfocus.com/bid/100448", "source": "security_alert@emc.com"}, {"url": "https://www.cloudfoundry.org/cve-2017-8037/", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure."}, {"lang": "es", "value": "En Cloud Foundry Foundation CAPI-release en versiones posteriores a la v1.6.0 y anteriores a la v1.38.0 y cf-release en versiones posteriores a la v244 y anteriores a la v270 hay una soluci\u00f3n incompleta para CVE-2017-8035. Si ha emprendido acciones para solucionar CVE-2017-8035, tambi\u00e9n deber\u00eda actualizar para solucionar este CVE. Una petici\u00f3n CAPI especialmente manipulada desde un Space Developer puede permitir que atacantes obtengan acceso al Cloud Controller VM para tal instalaci\u00f3n. Esto tambi\u00e9n se conoce como (Fuga/Divulgaci\u00f3n de Informaci\u00f3n)."}], "lastModified": "2019-03-22T09:29:00.273", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F260594E-4032-406D-8B84-3E91400F86FF"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2D9350E-0AA5-4D9A-A41A-855B40E440D6"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A66A9C0A-9B42-4B7E-A4B7-F06601B67FB8"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "207F6A29-0A37-4CDD-8DB2-E6CD89204013"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3803207-D7A0-47E0-A357-314C245C5C13"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "039156DB-D2DC-4AD5-9ACE-52095FE688BE"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.13.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7343B84E-3255-4BB4-A988-03BC9DC8D7E3"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EB53101-EC12-49DE-8C3C-3B373C4FA1E0"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15625A3E-61A4-4F7E-BFEC-7ED830AE41C9"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.16.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38B7D6B1-2CB1-4FB1-BC63-3104391D2742"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.17.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4D9D5D4-14E4-404A-B88E-78C8A37CB9B3"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.18.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C56907A-3233-435F-933B-8E3ED4965BC8"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.19.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A33E86E4-BD1C-4D03-9AF4-7A86B0B5BCE1"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.20.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C409657C-0C4D-4873-B707-38AC618035CF"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.21.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41CD5C38-E188-41DB-A811-27438525FDAD"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.22.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E3EC8F2-3520-4952-9541-3C56F6D131BF"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.23.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1671324-93EB-4409-9BA5-0D2D847C6A85"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.24.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45AC669D-3AED-48C2-ADA2-D1EE235FA793"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.25.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8970738B-E240-4C3E-A8F6-57FB66976B6A"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.26.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00406C75-1032-49A3-9C4E-AC41F46CA778"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.27.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D464CFBC-5AEF-4B65-8616-8E31E8C856D5"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.28.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FE0978C-1BEC-4FCE-A625-0FF196B3E6C6"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.29.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B258E3E-2291-4180-9735-71EE2874250B"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.30.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D416F421-66EB-4A80-BC1A-B99AE3F7E126"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.31.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D8DA9C5-C65C-467B-AD90-8B84E8EF9397"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.32.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D7F5A30-36EF-4F1D-B712-4F482F757CEA"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.33.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8D55D28-676E-42C4-90A5-C9CE306D42C7"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.34.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76369246-BE4B-4FAC-855B-8590C5C8DFBA"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.35.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F684CB9F-8079-452A-9F27-8F964C636AD2"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.36.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "772569FD-E641-42EB-A694-64EC4E7437E3"}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.37.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35A5003C-2FB9-4FA3-AC7E-038CD573A23C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cloudfoundry:cf-release:245:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DA6A56C-E0FE-4CB1-BE86-4C1E80D97265"}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:246:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAF4D7D1-4C35-4F76-816D-3F2407804E85"}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:247:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D852D5F4-DDB4-4C76-88B6-EB49E21FEDC5"}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:248:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B35C30C1-E2B9-4590-8765-1E0DA735E026"}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:249:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3680FAA7-9B57-4A9A-BD20-68821A7D4FE2"}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:250:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9F9A19A-9E31-4E4A-869C-9C13163A06C6"}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:251:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F08095E9-1BA9-438F-B776-D75F419E682E"}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:252:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAE29D36-9A2E-4D87-8C0C-D8FC1034B027"}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:253:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E227D42-19CA-45DD-AAC1-8D31537B5BFA"}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:254:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC145421-17F6-438B-9C3F-8DED72F3B5B8"}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:255:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5046C2CB-99C6-4243-B830-B3957910F1AF"}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:256:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A07B320-7DC3-4E7B-8997-6606F8FCBEBB"}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:257:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F7777A5-9136-49E4-9A6F-3C9A6687DAA7"}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:258:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88C90B83-9597-427C-A941-06F0C5A8C3DD"}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:259:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3D92B65-E45A-42EE-B0B9-AD69E1881E2B"}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:260:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A98BAE4B-184F-49A4-89E1-4F270CC7FEC8"}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:261:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7E78B11-B3E9-4D62-8F17-F2575D7F9181"}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:262:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB5EF186-0D05-497D-A66C-142ED0DFA973"}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:263:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A262620-E71A-44C7-A1F4-BEEDF107BC2E"}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:264:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9D721F9-227C-4F1D-9010-D1920F692228"}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:265:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AE4BA55-963C-4EB1-AD85-344AAE107A82"}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:266:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E5827B3-143F-408B-A0C7-005079BD9215"}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:267:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "762BE4A1-931B-4C44-94C8-F5DC894CFD1F"}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:268:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "735E1016-97F0-4286-955F-6017A2F8AD79"}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:269:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F021AB15-30F0-46DE-B613-11E3D4C9FD50"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}