Vulnerability Details CVE-2017-8037
In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2017-8037
-
cpe:2.3:a:cloudfoundry:capi-release:1.10.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.11.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.12.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.13.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.14.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.15.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.16.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.17.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.18.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.19.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.20.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.21.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.22.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.23.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.24.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.25.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.26.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.27.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.28.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.29.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.30.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.31.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.32.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.33.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.34.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.35.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.36.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.37.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.7.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.8.0
-
cpe:2.3:a:cloudfoundry:capi-release:1.9.0
-
cpe:2.3:a:cloudfoundry:cf-release:245
-
cpe:2.3:a:cloudfoundry:cf-release:246
-
cpe:2.3:a:cloudfoundry:cf-release:247
-
cpe:2.3:a:cloudfoundry:cf-release:248
-
cpe:2.3:a:cloudfoundry:cf-release:249
-
cpe:2.3:a:cloudfoundry:cf-release:250
-
cpe:2.3:a:cloudfoundry:cf-release:251
-
cpe:2.3:a:cloudfoundry:cf-release:252
-
cpe:2.3:a:cloudfoundry:cf-release:253
-
cpe:2.3:a:cloudfoundry:cf-release:254
-
cpe:2.3:a:cloudfoundry:cf-release:255
-
cpe:2.3:a:cloudfoundry:cf-release:256
-
cpe:2.3:a:cloudfoundry:cf-release:257
-
cpe:2.3:a:cloudfoundry:cf-release:258
-
cpe:2.3:a:cloudfoundry:cf-release:259
-
cpe:2.3:a:cloudfoundry:cf-release:260
-
cpe:2.3:a:cloudfoundry:cf-release:261
-
cpe:2.3:a:cloudfoundry:cf-release:262
-
cpe:2.3:a:cloudfoundry:cf-release:263
-
cpe:2.3:a:cloudfoundry:cf-release:264
-
cpe:2.3:a:cloudfoundry:cf-release:265
-
cpe:2.3:a:cloudfoundry:cf-release:266
-
cpe:2.3:a:cloudfoundry:cf-release:267
-
cpe:2.3:a:cloudfoundry:cf-release:268
-
cpe:2.3:a:cloudfoundry:cf-release:269