CVE-2017-8034
N/A
N/A
Summary
The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations, zone administrators are able to escalate their privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Cloud Foundry | Cloud Foundry | affected |
Weaknesses
- Privilege escalation
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.