CVE-2017-8037

Published Aug 21, 2017
Last updated 6 years ago
CVSS high 7.5
Overview

Description: In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure.
Source: security_alert@emc.com
NVD status: Modified
Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses

nvd@nist.gov: CWE-200
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F260594E-4032-406D-8B84-3E91400F86FF"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2D9350E-0AA5-4D9A-A41A-855B40E440D6"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A66A9C0A-9B42-4B7E-A4B7-F06601B67FB8"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "207F6A29-0A37-4CDD-8DB2-E6CD89204013"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3803207-D7A0-47E0-A357-314C245C5C13"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.12.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "039156DB-D2DC-4AD5-9ACE-52095FE688BE"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.13.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7343B84E-3255-4BB4-A988-03BC9DC8D7E3"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.14.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3EB53101-EC12-49DE-8C3C-3B373C4FA1E0"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15625A3E-61A4-4F7E-BFEC-7ED830AE41C9"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.16.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38B7D6B1-2CB1-4FB1-BC63-3104391D2742"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.17.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4D9D5D4-14E4-404A-B88E-78C8A37CB9B3"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.18.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C56907A-3233-435F-933B-8E3ED4965BC8"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.19.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A33E86E4-BD1C-4D03-9AF4-7A86B0B5BCE1"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.20.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C409657C-0C4D-4873-B707-38AC618035CF"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.21.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41CD5C38-E188-41DB-A811-27438525FDAD"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.22.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E3EC8F2-3520-4952-9541-3C56F6D131BF"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.23.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1671324-93EB-4409-9BA5-0D2D847C6A85"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.24.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45AC669D-3AED-48C2-ADA2-D1EE235FA793"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.25.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8970738B-E240-4C3E-A8F6-57FB66976B6A"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.26.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00406C75-1032-49A3-9C4E-AC41F46CA778"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.27.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D464CFBC-5AEF-4B65-8616-8E31E8C856D5"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.28.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FE0978C-1BEC-4FCE-A625-0FF196B3E6C6"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.29.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B258E3E-2291-4180-9735-71EE2874250B"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.30.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D416F421-66EB-4A80-BC1A-B99AE3F7E126"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.31.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D8DA9C5-C65C-467B-AD90-8B84E8EF9397"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.32.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D7F5A30-36EF-4F1D-B712-4F482F757CEA"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.33.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8D55D28-676E-42C4-90A5-C9CE306D42C7"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.34.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76369246-BE4B-4FAC-855B-8590C5C8DFBA"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.35.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F684CB9F-8079-452A-9F27-8F964C636AD2"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.36.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "772569FD-E641-42EB-A694-64EC4E7437E3"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.37.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35A5003C-2FB9-4FA3-AC7E-038CD573A23C"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cf-release:245:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DA6A56C-E0FE-4CB1-BE86-4C1E80D97265"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cf-release:246:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BAF4D7D1-4C35-4F76-816D-3F2407804E85"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cf-release:247:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D852D5F4-DDB4-4C76-88B6-EB49E21FEDC5"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cf-release:248:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B35C30C1-E2B9-4590-8765-1E0DA735E026"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cf-release:249:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3680FAA7-9B57-4A9A-BD20-68821A7D4FE2"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cf-release:250:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9F9A19A-9E31-4E4A-869C-9C13163A06C6"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cf-release:251:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F08095E9-1BA9-438F-B776-D75F419E682E"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cf-release:252:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CAE29D36-9A2E-4D87-8C0C-D8FC1034B027"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cf-release:253:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E227D42-19CA-45DD-AAC1-8D31537B5BFA"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cf-release:254:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC145421-17F6-438B-9C3F-8DED72F3B5B8"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cf-release:255:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5046C2CB-99C6-4243-B830-B3957910F1AF"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cf-release:256:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A07B320-7DC3-4E7B-8997-6606F8FCBEBB"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cf-release:257:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F7777A5-9136-49E4-9A6F-3C9A6687DAA7"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cf-release:258:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88C90B83-9597-427C-A941-06F0C5A8C3DD"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cf-release:259:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3D92B65-E45A-42EE-B0B9-AD69E1881E2B"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cf-release:260:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A98BAE4B-184F-49A4-89E1-4F270CC7FEC8"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cf-release:261:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7E78B11-B3E9-4D62-8F17-F2575D7F9181"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cf-release:262:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB5EF186-0D05-497D-A66C-142ED0DFA973"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cf-release:263:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A262620-E71A-44C7-A1F4-BEEDF107BC2E"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cf-release:264:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9D721F9-227C-4F1D-9010-D1920F692228"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cf-release:265:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AE4BA55-963C-4EB1-AD85-344AAE107A82"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cf-release:266:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E5827B3-143F-408B-A0C7-005079BD9215"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cf-release:267:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "762BE4A1-931B-4C44-94C8-F5DC894CFD1F"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cf-release:268:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "735E1016-97F0-4286-955F-6017A2F8AD79"
          },
          {
            "criteria": "cpe:2.3:a:cloudfoundry:cf-release:269:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F021AB15-30F0-46DE-B613-11E3D4C9FD50"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
