CVE-2017-8035

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-8035

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8035.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-8035

Published

2017-07-25T04:29:00.257Z

Modified

2026-03-03T01:06:52.971451Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation.

References

https://www.cloudfoundry.org/cve-2017-8035/

Affected packages

Git / github.com/cloudfoundry/capi-release

Affected ranges

Type: GIT
Repo: https://github.com/cloudfoundry/capi-release
Events: Introduced

c952006df4174249d91e296c799ab54361822477

Fixed

ae579cbaab4cfea17e5b85e4db9a83b4c8d52b23

Affected versions

1.*

1.10.0

1.11.0

1.12.0

1.13.0

1.14.0

1.15.0

1.16.0

1.17.0

1.18.0

1.19.0

1.20.0

1.21.0

1.22.0

1.23.0

1.24.0

1.25.0

1.26.0

1.27.0

1.28.0

1.29.0

1.30.0

1.31.0

1.32.0

1.33.0

1.34.0

1.7.0

1.8.0

1.9.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8035.json"

Git / github.com/cloudfoundry/cf-release

Affected ranges

Type: GIT
Repo: https://github.com/cloudfoundry/cf-release
Events: Introduced

1a84cd71377a1ac645f76c686156142ea0685067

Fixed

befcb8a72297f8f132ee6cb4653d7d20cbd57041

Affected versions

Other

v245

v246

v247

v248

v249

v250

v251

v252

v253

v254

v255

v256

v257

v258

v259

v260

v261

v262

v263

v264

v265

v266

v267

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8035.json"