CVE-2017-8048

Source
https://cve.org/CVERecord?id=CVE-2017-8048
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8048.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-8048
Published
2017-10-04T01:29:03.653Z
Modified
2026-04-10T04:01:07.851893Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0, and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275.

Affected packages

Git / github.com/cloudfoundry/cf-release

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry/cf-release
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "268"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "269"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "270"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "271"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "272"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "273"
        }
    ]
}

Affected versions

Other
-
list
log
scotty_09012012
v100
v102
v103
v104
v105
v109
v119
v132
v133
v134
v135
v136
v137
v140
v143
v156
v157
v161
v170
v183
v205
v245
v249
v253
v260
v262
v268
v269
v270
v271
v272
v273
v99
works-for-us
rc145.*
rc145.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8048.json"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.33.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.34.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.35.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.36.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.37.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.38.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.39.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.40.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.41.0"
            }
        ]
    }
]