CVE-2017-8048 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cloudfoundry	Cf-Release	268
Pivotal	Capi-Release	1.33.0

References

https://www.cloudfoundry.org/cve-2017-8048/Vendor Advisory
https://www.cloudfoundry.org/cve-2017-8048/Vendor Advisory

FAQ

What is CVE-2017-8048?

CVE-2017-8048 is a vulnerability with a CVSS score of 7.8 (HIGH). In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allow...

How severe is CVE-2017-8048?

CVE-2017-8048 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-8048?

Check the references section above for vendor advisories and patch information. Affected products include: Cloudfoundry Cf-Release, Pivotal Capi-Release.