CVE-2017-8037

In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035, you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure.
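
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| dell | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
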
EPSS Score Percentile: 58%

| Vendor | Product | Version |
|---|---|---|
| cloudfoundry | capi-release | 1.7.0 |
| cloudfoundry | capi-release | 1.8.0 |
| cloudfoundry | capi-release | 1.9.0 |
| cloudfoundry | capi-release | 1.10.0 |
| cloudfoundry | capi-release | 1.11.0 |
| cloudfoundry | capi-release | 1.12.0 |
| cloudfoundry | capi-release | 1.13.0 |
| cloudfoundry | capi-release | 1.14.0 |
| cloudfoundry | capi-release | 1.15.0 |
| cloudfoundry | capi-release | 1.16.0 |
| cloudfoundry | capi-release | 1.17.0 |
| cloudfoundry | capi-release | 1.18.0 |
| cloudfoundry | capi-release | 1.19.0 |
| cloudfoundry | capi-release | 1.20.0 |
| cloudfoundry | capi-release | 1.21.0 |
| cloudfoundry | capi-release | 1.22.0 |
| cloudfoundry | capi-release | 1.23.0 |
| cloudfoundry | capi-release | 1.24.0 |
| cloudfoundry | capi-release | 1.25.0 |
| cloudfoundry | capi-release | 1.26.0 |
| cloudfoundry | capi-release | 1.27.0 |
| cloudfoundry | capi-release | 1.28.0 |
| cloudfoundry | capi-release | 1.29.0 |
| cloudfoundry | capi-release | 1.30.0 |
| cloudfoundry | capi-release | 1.31.0 |
| cloudfoundry | capi-release | 1.32.0 |
| cloudfoundry | capi-release | 1.33.0 |
| cloudfoundry | capi-release | 1.34.0 |
| cloudfoundry | capi-release | 1.35.0 |
| cloudfoundry | capi-release | 1.36.0 |
| cloudfoundry | capi-release | 1.37.0 |

𝑥 = Vulnerable software versions