Cloud Foundry Logo
blog single gear
Blog
Security Advisory

CVE-2017-4969: Bug in CC allows users to exceed quotas

by: April 13, 2017

CVE-2017-4969: Bug in CC allows users to exceed quotas

Severity

High

Vendor

Cloud Foundry Foundation

Versions Affected

  • cf-release versions prior to v255

Description

The Cloud Foundry Cloud Controller allows authenticated developer users to exceed memory and disk quotas for tasks.

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

  • Upgrade to Cloud Foundry v255 [1] or later

Credit

This issue was responsibly reported by the Cloud Foundry CAPI Team.

References

History

2017-04-13: Initial vulnerability report published

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES

You Might Also Like

CVE-2013-7456 and CVE-2016-5093 PHP vulnerabilities
Security Advisory

CVE-2013-7456 and CVE-2016-5093 PHP vulnerabilities

by Cloud Foundry Foundation Security Team June 8, 2016
USN-5716-1: SQLite vulnerability
Security Advisory

USN-5716-1: SQLite vulnerability

by Cloud Foundry Foundation Security Team December 7, 2022
RunC Exec Vulnerability
Security Advisory

RunC Exec Vulnerability

by Cloud Foundry Foundation Security Team January 12, 2017
This website uses cookies to offer you a better browsing experience. Find out more about how we use cookies and how you can change your settings. Accept