CVE-2017-4973
- Source
- https://cve.org/CVERecord?id=CVE-2017-4973
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-4973.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-4973
- Aliases
- Published
- 2017-06-13T06:29:00.660Z
- Modified
- 2026-04-10T04:00:28.896288Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. A vulnerability has been identified with the groups endpoint in UAA allowing users to elevate their privileges.
- References
Affected packages
Git / github.com/cloudfoundry/cf-release
Affected ranges
- Type
- GIT
- Repo
- https://github.com/cloudfoundry/cf-release
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "256" } ] }
- Type
- GIT
- Repo
- https://github.com/cloudfoundry/uaa
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "2.2.5.4" }, { "introduced": "0" }, { "last_affected": "2.7.1" }, { "introduced": "0" }, { "last_affected": "2.7.2" }, { "introduced": "0" }, { "last_affected": "2.7.3" }, { "introduced": "0" }, { "last_affected": "2.7.4" }, { "introduced": "0" }, { "last_affected": "2.7.4.1" }, { "introduced": "0" }, { "last_affected": "2.7.4.2" }, { "introduced": "0" }, { "last_affected": "2.7.4.3" }, { "introduced": "0" }, { "last_affected": "2.7.4.4" }, { "introduced": "0" }, { "last_affected": "2.7.4.5" }, { "introduced": "0" }, { "last_affected": "2.7.4.6" }, { "introduced": "0" }, { "last_affected": "2.7.4.7" }, { "introduced": "0" }, { "last_affected": "2.7.4.8" }, { "introduced": "0" }, { "last_affected": "2.7.4.9" }, { "introduced": "0" }, { "last_affected": "2.7.4.11" }, { "introduced": "0" }, { "last_affected": "2.7.4.12" }, { "introduced": "0" }, { "last_affected": "2.7.4.13" }, { "introduced": "0" }, { "last_affected": "3.6.1" }, { "introduced": "0" }, { "last_affected": "3.6.2" }, { "introduced": "0" }, { "last_affected": "3.6.3" }, { "introduced": "0" }, { "last_affected": "3.6.4" }, { "introduced": "0" }, { "last_affected": "3.6.5" }, { "introduced": "0" }, { "last_affected": "3.6.6" }, { "introduced": "0" }, { "last_affected": "3.6.7" }, { "introduced": "0" }, { "last_affected": "3.9.1" }, { "introduced": "0" }, { "last_affected": "3.9.2" }, { "introduced": "0" }, { "last_affected": "3.9.3" }, { "introduced": "0" }, { "last_affected": "3.9.4" }, { "introduced": "0" }, { "last_affected": "3.9.5" }, { "introduced": "0" }, { "last_affected": "3.9.6" }, { "introduced": "0" }, { "last_affected": "3.9.7" }, { "introduced": "0" }, { "last_affected": "3.9.8" }, { "introduced": "0" }, { "last_affected": "3.9.9" }, { "introduced": "0" }, { "last_affected": "3.9.12" }, { "introduced": "0" }, { "last_affected": "3.9.13" } ] }
- Type
- GIT
- Repo
- https://github.com/cloudfoundry/uaa-release
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "30" }, { "introduced": "0" }, { "last_affected": "13.1" }, { "introduced": "0" }, { "last_affected": "13.2" }, { "introduced": "0" }, { "last_affected": "13.3" }, { "introduced": "0" }, { "last_affected": "13.4" }, { "introduced": "0" }, { "last_affected": "13.5" }, { "introduced": "0" }, { "last_affected": "13.6" }, { "introduced": "0" }, { "last_affected": "13.7" }, { "introduced": "0" }, { "last_affected": "13.8" }, { "introduced": "0" }, { "last_affected": "13.9" }, { "introduced": "0" }, { "last_affected": "13.10" }, { "introduced": "0" }, { "last_affected": "13.11" }, { "introduced": "0" }, { "last_affected": "24" }, { "introduced": "0" }, { "last_affected": "24.1" }, { "introduced": "0" }, { "last_affected": "24.2" }, { "introduced": "0" }, { "last_affected": "24.3" }, { "introduced": "0" }, { "last_affected": "24.4" }, { "introduced": "0" }, { "last_affected": "24.5" }, { "introduced": "0" }, { "last_affected": "24.6" }, { "introduced": "0" }, { "last_affected": "30.1" }, { "introduced": "0" }, { "last_affected": "30.2" }, { "introduced": "0" }, { "last_affected": "30.3" } ] }
Affected versions
Other
-
ci-upgrade
lenient_hybrid_flow
list
log
scotty_09012012
travis-success-1475
travis-success-1478
travis-success-1497
v10
v100
v102
v103
v104
v105
v109
v11
v119
v12
v13
v132
v133
v134
v135
v136
v137
v14
v140
v143
v15
v156
v157
v16
v161
v17
v170
v18
v183
v19
v2
v20
v205
v21
v22
v23
v24
v245
v249
v25
v253
v256
v26
v27
v3
v30
v6
v7
v8
v9
v99
works-for-us
1.*
1.0.1
1.0.3
1.1
1.1.1
1.1.2
1.10
1.11
1.2.0
1.2.6
1.4.0
1.4.1
1.4.2
1.4.3
1.4.5
1.4.6
1.4.7
1.5.0
1.5.2
1.5.2.1
1.5.3
1.5.4
1.5.4.1
1.6.0
1.6.1
1.6.2
1.6.4
1.6.5
1.7.0
1.7.1
1.7.2
1.8.0
1.8.1
1.8.2
1.8.3
1.9.0
1.9.1
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.1.0
2.2.4.1
2.2.5
2.2.5.3
2.2.5.4
2.2.6
2.3.0
2.3.1
2.3.1.1
2.4.0
2.4.1
2.5.0
2.5.1
2.5.2
2.6.0
2.6.1
2.6.2
2.7.0
2.7.0.1
2.7.0.2
2.7.0.3
2.7.1
2.7.2
2.7.3
2.7.4
2.7.4.1
2.7.4.10
2.7.4.11
2.7.4.12
2.7.4.13
2.7.4.2
2.7.4.3
2.7.4.4
2.7.4.5
2.7.4.6
2.7.4.7
2.7.4.8
2.7.4.9
3.*
3.0.0
3.0.1
3.1.0
3.2.0
3.2.1
3.3.0
3.3.0.1
3.4.0
3.4.1
3.4.2
3.5.0
3.6.0
3.6.1
3.6.2
3.6.3
3.6.4
3.6.5
3.6.6
3.6.7
3.8.0
3.9.0
3.9.1
3.9.10
3.9.11
3.9.12
3.9.13
3.9.2
3.9.3
3.9.4
3.9.5
3.9.6
3.9.7
3.9.8
3.9.9
rc145.*
rc145.0
v12.*
v12.1
v12.3
v13.*
v13.1
v13.10
v13.11
v13.2
v13.3
v13.4
v13.5
v13.6
v13.7
v13.8
v13.9
v24.*
v24.1
v24.2
v24.3
v24.4
v24.5
v24.6
v30.*
v30.1
v30.2
v30.3