Vulnerability in Cloudfoundry Cf-release

CVE-2017-8048

In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrar…

EPSS: 0.004 (62.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

  • Cloudfoundry Cf-release — versions 268, 269, 270
  • Pivotal Capi-release — versions 1.33.0, 1.34.0, 1.35.0
  • N/a Cloud Controller Vm Capi-release Versions 1.33.0 And Later, Prior To 1.42.0, Cf-release 268 274 — versions Cloud Controller VM capi-release versions 1.33.0 and later, prior to 1.42.0, cf-release versions 268 and later, prior to 274

References

Frequently asked questions

What is CVE-2017-8048?
CVE-2017-8048 is a high-severity vulnerability in Cloudfoundry Cf-release. CVSS score: 7.8/10. Published 2017-10-04.
How severe is CVE-2017-8048?
High severity. CVSS v3 base score is 7.8 out of 10.