CVE-2017-8036

Summary

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 (only). The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application.

Affected Software

VendorProductVersion RangeStatus
n/aCloud Controller API CAPI-release version 1.33.0 onlyCloud Controller API CAPI-release version 1.33.0 onlyaffected

Weaknesses

  • API regression

ADP Enrichment

CVE Program Container

Additional References

References