// For flags

CVE-2017-8048

 

Severity Score

7.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275.

En las versiones de la 1.33.0 hasta la 1.42.0 del desarrollo capi-release y las versiones de la 268 hasta la 274 (no inclusive) del desarrollo cf-release de Cloud Foundry, la solución original para CVE-2017-8033 introduce una regresión de API que permite que un desarrollador de espacio ejecute código arbitrario en la máquina virtual de Cloud Controller abriendo una aplicación especialmente manipulada. NOTA: 274 resuelve la vulnerabilidad pero tiene un error grave que se resuelve en 275.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-04-21 CVE Reserved
  • 2017-10-03 CVE Published
  • 2024-06-15 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
268
Search vendor "Cloudfoundry" for product "Cf-release" and version "268"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
269
Search vendor "Cloudfoundry" for product "Cf-release" and version "269"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
270
Search vendor "Cloudfoundry" for product "Cf-release" and version "270"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
271
Search vendor "Cloudfoundry" for product "Cf-release" and version "271"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
272
Search vendor "Cloudfoundry" for product "Cf-release" and version "272"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
273
Search vendor "Cloudfoundry" for product "Cf-release" and version "273"
-
Affected
Pivotal
Search vendor "Pivotal"
Capi-release
Search vendor "Pivotal" for product "Capi-release"
1.33.0
Search vendor "Pivotal" for product "Capi-release" and version "1.33.0"
-
Affected
Pivotal
Search vendor "Pivotal"
Capi-release
Search vendor "Pivotal" for product "Capi-release"
1.34.0
Search vendor "Pivotal" for product "Capi-release" and version "1.34.0"
-
Affected
Pivotal
Search vendor "Pivotal"
Capi-release
Search vendor "Pivotal" for product "Capi-release"
1.35.0
Search vendor "Pivotal" for product "Capi-release" and version "1.35.0"
-
Affected
Pivotal
Search vendor "Pivotal"
Capi-release
Search vendor "Pivotal" for product "Capi-release"
1.36.0
Search vendor "Pivotal" for product "Capi-release" and version "1.36.0"
-
Affected
Pivotal
Search vendor "Pivotal"
Capi-release
Search vendor "Pivotal" for product "Capi-release"
1.37.0
Search vendor "Pivotal" for product "Capi-release" and version "1.37.0"
-
Affected
Pivotal
Search vendor "Pivotal"
Capi-release
Search vendor "Pivotal" for product "Capi-release"
1.38.0
Search vendor "Pivotal" for product "Capi-release" and version "1.38.0"
-
Affected
Pivotal
Search vendor "Pivotal"
Capi-release
Search vendor "Pivotal" for product "Capi-release"
1.39.0
Search vendor "Pivotal" for product "Capi-release" and version "1.39.0"
-
Affected
Pivotal
Search vendor "Pivotal"
Capi-release
Search vendor "Pivotal" for product "Capi-release"
1.40.0
Search vendor "Pivotal" for product "Capi-release" and version "1.40.0"
-
Affected
Pivotal
Search vendor "Pivotal"
Capi-release
Search vendor "Pivotal" for product "Capi-release"
1.41.0
Search vendor "Pivotal" for product "Capi-release" and version "1.41.0"
-
Affected