CVE-2017-8034
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations, zone administrators are able to escalate their privileges.
El controlador y el enrutador de nube en Cloud Foundry (publicación de CAPI versiones de capi anteriores a v1.32.0, publicación de enrutamiento versión anterior a v0.159.0, publicación de CF versión anterior a v267), no comprueban el emisor en los Tokens Web JSON (JWTs) de la UAA. Con determinadas configuraciones UAA multizona, los administradores de zona pueden escalar sus privilegios.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-04-21 CVE Reserved
- 2017-07-17 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-565: Reliance on Cookies without Validation and Integrity Checking
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.cloudfoundry.org/cve-2017-8034 | 2019-10-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | <= 1.31.0 Search vendor "Cloudfoundry" for product "Capi-release" and version " <= 1.31.0" | - |
Affected
| ||||||
Cloudfoundry Search vendor "Cloudfoundry" | Cf-release Search vendor "Cloudfoundry" for product "Cf-release" | <= 266 Search vendor "Cloudfoundry" for product "Cf-release" and version " <= 266" | - |
Affected
| ||||||
Cloudfoundry Search vendor "Cloudfoundry" | Routing-release Search vendor "Cloudfoundry" for product "Routing-release" | <= 0.158.0 Search vendor "Cloudfoundry" for product "Routing-release" and version " <= 0.158.0" | - |
Affected
|