CVE-2017-8048

In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275.
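
| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.8 HIGH | LOCAL | LOW | NONE | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| dell | CNA | --- | --- | | | |
| CVE | ADP | --- | --- | | | |
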
EPSS Score Percentile: 60%

| Vendor | Product | Version |
|---|---|---|
| pivotal | capi-release | 1.33.0 |
| pivotal | capi-release | 1.34.0 |
| pivotal | capi-release | 1.35.0 |
| pivotal | capi-release | 1.36.0 |
| pivotal | capi-release | 1.37.0 |
| pivotal | capi-release | 1.38.0 |
| pivotal | capi-release | 1.39.0 |
| pivotal | capi-release | 1.40.0 |
| pivotal | capi-release | 1.41.0 |

𝑥 = Vulnerable software versions