CVE-2017-8033

Summary

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a specially crafted application that can write arbitrary files to the Cloud Controller VM.

Affected Software

VendorProductVersion RangeStatus
n/aCloud Controller API CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268Cloud Controller API CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268affected

Weaknesses

  • API filesystem traversal vulnerability

ADP Enrichment

CVE Program Container

Additional References

References