CVE-2017-8037

Severity: Unknown | EPSS: 1.42%

CVE-2017-8037 is a vulnerability of currently unknown severity. In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. EPSS estimates a 1.42% chance of exploitation in the next 30 days.

Description

In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure.

Metrics

EPSS Probability: 1.42% (69.4th percentile)

Probability of exploitation in the next 30 days.

Affected Software

Vendor        Product       Versions
Cloudfoundry  Capi-Release  1.7.0
Cloudfoundry  Capi-Release  1.8.0
Cloudfoundry  Capi-Release  1.9.0
Cloudfoundry  Capi-Release  1.10.0
Cloudfoundry  Capi-Release  1.11.0
Cloudfoundry  Capi-Release  1.12.0
Cloudfoundry  Capi-Release  1.13.0
Cloudfoundry  Capi-Release  1.14.0
Cloudfoundry  Capi-Release  1.15.0
Cloudfoundry  Capi-Release  1.16.0
Cloudfoundry  Capi-Release  1.17.0
Cloudfoundry  Capi-Release  1.18.0
Cloudfoundry  Capi-Release  1.19.0
Cloudfoundry  Capi-Release  1.20.0
Cloudfoundry  Capi-Release  1.21.0
Cloudfoundry  Capi-Release  1.22.0
Cloudfoundry  Capi-Release  1.23.0
Cloudfoundry  Capi-Release  1.24.0
Cloudfoundry  Capi-Release  1.25.0
Cloudfoundry  Capi-Release  1.26.0
Cloudfoundry  Capi-Release  1.27.0
Cloudfoundry  Capi-Release  1.28.0
Cloudfoundry  Capi-Release  1.29.0
Cloudfoundry  Capi-Release  1.30.0
Cloudfoundry  Capi-Release  1.31.0
Cloudfoundry  Capi-Release  1.32.0
Cloudfoundry  Capi-Release  1.33.0
Cloudfoundry  Capi-Release  1.34.0
Cloudfoundry  Capi-Release  1.35.0
Cloudfoundry  Capi-Release  1.36.0
Cloudfoundry  Capi-Release  1.37.0
Cloudfoundry  Cf-Release    245
Cloudfoundry  Cf-Release    246
Cloudfoundry  Cf-Release    247
Cloudfoundry  Cf-Release    248
Cloudfoundry  Cf-Release    249
Cloudfoundry  Cf-Release    250
Cloudfoundry  Cf-Release    251
Cloudfoundry  Cf-Release    252
Cloudfoundry  Cf-Release    253
Cloudfoundry  Cf-Release    254
Cloudfoundry  Cf-Release    255
Cloudfoundry  Cf-Release    256
Cloudfoundry  Cf-Release    257
Cloudfoundry  Cf-Release    258
Cloudfoundry  Cf-Release    259
Cloudfoundry  Cf-Release    260
Cloudfoundry  Cf-Release    261
Cloudfoundry  Cf-Release    262
Cloudfoundry  Cf-Release    263

Showing 50 of 56 affected configurations. See NVD for the full list.

Timeline

Status: Modified

Frequently Asked Questions

How severe is CVE-2017-8037?
Severity scoring for CVE-2017-8037 is pending analysis. The EPSS model estimates a 1.42% probability of exploitation in the next 30 days.
How do I fix CVE-2017-8037?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST