CVE-2017-8036: Cloud Controller API regression
Severity
Critical
Vendor
Cloud Foundry Foundation
Versions Affected
- CAPI-release version 1.33.0 only
Description
The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially-crafted application.
Mitigation
Users of affected versions should apply the following mitigation or upgrade:
- Note: The affected version of CAPI-release was not included in any cf-release.
- Standalone component users should upgrade CAPI-release to v1.35.0 or later. [1]
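As an added example (not part of the advisory or the Cloud Foundry project's own tooling), the following Python script checks release versions found in a BOSH-style deployment manifest against the version window the advisory states: CAPI-release 1.33.0 is vulnerable, 1.35.0 or later is fixed. The manifest snippet is constructed, and the assumption that the release appears under the name `capi` in a `releases:` list is ours; adjust the name if your manifest differs. Versions the advisory does not mention (anything below 1.35.0 other than 1.33.0) are reported as "not-listed" rather than declared safe.

```python
"""Audit a BOSH-style manifest for CVE-2017-8036 (CAPI-release regression).

Added example, not from the advisory. Facts taken from the advisory: the only
affected version is 1.33.0 and the fix is in 1.35.0 or later. The manifest
layout and the release name 'capi' are assumptions for illustration.
"""
import re
from typing import List, Tuple

AFFECTED = {(1, 33, 0)}      # advisory: "CAPI-release version 1.33.0 only"
FIXED_MIN = (1, 35, 0)       # advisory: "upgrade CAPI-release to v1.35.0 or later"
RELEASE_NAME = "capi"        # assumption: BOSH release name used in the manifest

# Constructed sample manifest fragment (not a real deployment).
SAMPLE_MANIFEST = """\
releases:
- name: cf
  version: 270
- name: capi
  version: 1.33.0
- name: diego
  version: 1.25.0
"""

_NAME_RE = re.compile(r"^\s*-\s*name:\s*(\S+)\s*$")
_VERSION_RE = re.compile(r"^\s*version:\s*['\"]?([0-9][0-9.]*)['\"]?\s*$")


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.33.0' into (1, 33, 0); reject anything that is not dotted digits."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in parts)


def classify(version: str) -> str:
    """Classify a CAPI-release version against the advisory's statements."""
    v = parse_version(version)
    if v in AFFECTED:
        return "vulnerable"
    if v >= FIXED_MIN:
        return "fixed"
    # The advisory says nothing about other pre-1.35.0 versions; do not
    # assume they are safe, just report that the advisory does not list them.
    return "not-listed"


def audit_manifest(text: str) -> List[Tuple[str, str, str]]:
    """Return (release, version, status) for every CAPI release entry found."""
    findings: List[Tuple[str, str, str]] = []
    current_name = None
    for line in text.splitlines():
        m = _NAME_RE.match(line)
        if m:
            current_name = m.group(1)
            continue
        m = _VERSION_RE.match(line)
        if m and current_name == RELEASE_NAME:
            findings.append((current_name, m.group(1), classify(m.group(1))))
    return findings


if __name__ == "__main__":
    for release, version, status in audit_manifest(SAMPLE_MANIFEST):
        print(f"{release}-release {version}: {status}")
```

Running the script on the constructed manifest reports `capi-release 1.33.0: vulnerable`; a manifest with no `capi` entry yields no findings, which is expected for cf-release deployments, since the advisory notes the affected version never shipped in a cf-release.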
Credit
This vulnerability was responsibly reported by the CAPI team.
References
History
2017-07-19: Initial vulnerability report published