CVE-2017-8048

Published: Oct 4, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275.

Affected (15)

Products: Cloudfoundry: Cf Release · Pivotal: Capi Release

1 product

1 product

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Cloudfoundry Cf Release	Version 268
Cloudfoundry Cf Release	Version 269
Cloudfoundry Cf Release	Version 270
Cloudfoundry Cf Release	Version 271
Cloudfoundry Cf Release	Version 272
Cloudfoundry Cf Release	Version 273
Pivotal Capi Release	Version 1.33.0
Pivotal Capi Release	Version 1.34.0
Pivotal Capi Release	Version 1.35.0
Pivotal Capi Release	Version 1.36.0
Pivotal Capi Release	Version 1.37.0
Pivotal Capi Release	Version 1.38.0
Pivotal Capi Release	Version 1.39.0
Pivotal Capi Release	Version 1.40.0
Pivotal Capi Release	Version 1.41.0

References (2)

https://www.cloudfoundry.org/cve-2017-8048/

Source: security_alert@emc.com

Vendor Advisory

https://www.cloudfoundry.org/cve-2017-8048/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.