CVE-2017-14389
- Source
- https://cve.org/CVERecord?id=CVE-2017-14389
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14389.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-14389
- Published
- 2017-11-28T07:29:00.303Z
- Modified
- 2026-04-10T03:58:40.316979Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that belongs to a different user in a different org and space, aka an "Application Subdomain Takeover."
- References
Affected packages
Git / github.com/cloudfoundry-attic/cf-release
Affected ranges
- Type
- GIT
- Repo
- https://github.com/cloudfoundry-attic/cf-release
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "280" } ] }
- Type
- GIT
- Repo
- https://github.com/cloudfoundry/capi-release
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "1.45.0" }, { "introduced": "0" }, { "fixed": "1.0.0" } ] }
Affected versions
Other
-
list
log
scotty_09012012
v100
v102
v103
v104
v105
v109
v119
v132
v133
v134
v135
v136
v137
v140
v143
v156
v157
v161
v170
v183
v205
v245
v249
v253
v260
v262
v275
v276
v278
v99
works-for-us
1.*
1.0.0
1.1.0
1.10.0
1.11.0
1.12.0
1.13.0
1.14.0
1.15.0
1.16.0
1.19.0
1.2.0
1.20.0
1.21.0
1.22.0
1.23.0
1.24.0
1.25.0
1.26.0
1.27.0
1.28.0
1.3.0
1.30.0
1.31.0
1.32.0
1.33.0
1.34.0
1.35.0
1.36.0
1.38.0
1.4.0
1.40.0
1.41.0
1.42.0
1.5.0
1.6.0
1.7.0
1.8.0
1.9.0
rc145.*
rc145.0
v1.*
v1.0.0