CVE-2017-8037
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure.
En Cloud Foundry Foundation CAPI-release en versiones posteriores a la v1.6.0 y anteriores a la v1.38.0 y cf-release en versiones posteriores a la v244 y anteriores a la v270 hay una solución incompleta para CVE-2017-8035. Si ha emprendido acciones para solucionar CVE-2017-8035, también debería actualizar para solucionar este CVE. Una petición CAPI especialmente manipulada desde un Space Developer puede permitir que atacantes obtengan acceso al Cloud Controller VM para tal instalación. Esto también se conoce como (Fuga/Divulgación de Información).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-04-21 CVE Reserved
- 2017-08-21 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/100448 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.cloudfoundry.org/cve-2017-8037 | 2019-03-22 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.7.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.7.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.8.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.8.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.9.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.9.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.10.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.10.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.11.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.11.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.12.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.12.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.13.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.13.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.14.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.14.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.15.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.15.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.16.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.16.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.17.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.17.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.18.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.18.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.19.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.19.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.20.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.20.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.21.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.21.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.22.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.22.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.23.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.23.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.24.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.24.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.25.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.25.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.26.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.26.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.27.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.27.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.28.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.28.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.29.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.29.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.30.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.30.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.31.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.31.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.32.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.32.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.33.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.33.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.34.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.34.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.35.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.35.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.36.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.36.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Capi-release Search vendor "Cloudfoundry" for product "Capi-release" | 1.37.0 Search vendor "Cloudfoundry" for product "Capi-release" and version "1.37.0" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Cf-release Search vendor "Cloudfoundry" for product "Cf-release" | 245 Search vendor "Cloudfoundry" for product "Cf-release" and version "245" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Cf-release Search vendor "Cloudfoundry" for product "Cf-release" | 246 Search vendor "Cloudfoundry" for product "Cf-release" and version "246" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Cf-release Search vendor "Cloudfoundry" for product "Cf-release" | 247 Search vendor "Cloudfoundry" for product "Cf-release" and version "247" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Cf-release Search vendor "Cloudfoundry" for product "Cf-release" | 248 Search vendor "Cloudfoundry" for product "Cf-release" and version "248" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Cf-release Search vendor "Cloudfoundry" for product "Cf-release" | 249 Search vendor "Cloudfoundry" for product "Cf-release" and version "249" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Cf-release Search vendor "Cloudfoundry" for product "Cf-release" | 250 Search vendor "Cloudfoundry" for product "Cf-release" and version "250" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Cf-release Search vendor "Cloudfoundry" for product "Cf-release" | 251 Search vendor "Cloudfoundry" for product "Cf-release" and version "251" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Cf-release Search vendor "Cloudfoundry" for product "Cf-release" | 252 Search vendor "Cloudfoundry" for product "Cf-release" and version "252" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Cf-release Search vendor "Cloudfoundry" for product "Cf-release" | 253 Search vendor "Cloudfoundry" for product "Cf-release" and version "253" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Cf-release Search vendor "Cloudfoundry" for product "Cf-release" | 254 Search vendor "Cloudfoundry" for product "Cf-release" and version "254" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Cf-release Search vendor "Cloudfoundry" for product "Cf-release" | 255 Search vendor "Cloudfoundry" for product "Cf-release" and version "255" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Cf-release Search vendor "Cloudfoundry" for product "Cf-release" | 256 Search vendor "Cloudfoundry" for product "Cf-release" and version "256" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Cf-release Search vendor "Cloudfoundry" for product "Cf-release" | 257 Search vendor "Cloudfoundry" for product "Cf-release" and version "257" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Cf-release Search vendor "Cloudfoundry" for product "Cf-release" | 258 Search vendor "Cloudfoundry" for product "Cf-release" and version "258" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Cf-release Search vendor "Cloudfoundry" for product "Cf-release" | 259 Search vendor "Cloudfoundry" for product "Cf-release" and version "259" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Cf-release Search vendor "Cloudfoundry" for product "Cf-release" | 260 Search vendor "Cloudfoundry" for product "Cf-release" and version "260" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Cf-release Search vendor "Cloudfoundry" for product "Cf-release" | 261 Search vendor "Cloudfoundry" for product "Cf-release" and version "261" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Cf-release Search vendor "Cloudfoundry" for product "Cf-release" | 262 Search vendor "Cloudfoundry" for product "Cf-release" and version "262" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Cf-release Search vendor "Cloudfoundry" for product "Cf-release" | 263 Search vendor "Cloudfoundry" for product "Cf-release" and version "263" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Cf-release Search vendor "Cloudfoundry" for product "Cf-release" | 264 Search vendor "Cloudfoundry" for product "Cf-release" and version "264" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Cf-release Search vendor "Cloudfoundry" for product "Cf-release" | 265 Search vendor "Cloudfoundry" for product "Cf-release" and version "265" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Cf-release Search vendor "Cloudfoundry" for product "Cf-release" | 266 Search vendor "Cloudfoundry" for product "Cf-release" and version "266" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Cf-release Search vendor "Cloudfoundry" for product "Cf-release" | 267 Search vendor "Cloudfoundry" for product "Cf-release" and version "267" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Cf-release Search vendor "Cloudfoundry" for product "Cf-release" | 268 Search vendor "Cloudfoundry" for product "Cf-release" and version "268" | - |
Affected
| ||||||
| Cloudfoundry Search vendor "Cloudfoundry" | Cf-release Search vendor "Cloudfoundry" for product "Cf-release" | 269 Search vendor "Cloudfoundry" for product "Cf-release" and version "269" | - |
Affected
| ||||||