In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure.
2017-08-21T22:29:00.183
2025-04-20T01:37:25.860
Deferred
CVSSv3.0: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:P/I:N/A:N
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | cloudfoundry | capi-release | 1.7.0 | Yes |
| Application | cloudfoundry | capi-release | 1.8.0 | Yes |
| Application | cloudfoundry | capi-release | 1.9.0 | Yes |
| Application | cloudfoundry | capi-release | 1.10.0 | Yes |
| Application | cloudfoundry | capi-release | 1.11.0 | Yes |
| Application | cloudfoundry | capi-release | 1.12.0 | Yes |
| Application | cloudfoundry | capi-release | 1.13.0 | Yes |
| Application | cloudfoundry | capi-release | 1.14.0 | Yes |
| Application | cloudfoundry | capi-release | 1.15.0 | Yes |
| Application | cloudfoundry | capi-release | 1.16.0 | Yes |
| Application | cloudfoundry | capi-release | 1.17.0 | Yes |
| Application | cloudfoundry | capi-release | 1.18.0 | Yes |
| Application | cloudfoundry | capi-release | 1.19.0 | Yes |
| Application | cloudfoundry | capi-release | 1.20.0 | Yes |
| Application | cloudfoundry | capi-release | 1.21.0 | Yes |
| Application | cloudfoundry | capi-release | 1.22.0 | Yes |
| Application | cloudfoundry | capi-release | 1.23.0 | Yes |
| Application | cloudfoundry | capi-release | 1.24.0 | Yes |
| Application | cloudfoundry | capi-release | 1.25.0 | Yes |
| Application | cloudfoundry | capi-release | 1.26.0 | Yes |
| Application | cloudfoundry | capi-release | 1.27.0 | Yes |
| Application | cloudfoundry | capi-release | 1.28.0 | Yes |
| Application | cloudfoundry | capi-release | 1.29.0 | Yes |
| Application | cloudfoundry | capi-release | 1.30.0 | Yes |
| Application | cloudfoundry | capi-release | 1.31.0 | Yes |
| Application | cloudfoundry | capi-release | 1.32.0 | Yes |
| Application | cloudfoundry | capi-release | 1.33.0 | Yes |
| Application | cloudfoundry | capi-release | 1.34.0 | Yes |
| Application | cloudfoundry | capi-release | 1.35.0 | Yes |
| Application | cloudfoundry | capi-release | 1.36.0 | Yes |
| Application | cloudfoundry | capi-release | 1.37.0 | Yes |
| Application | cloudfoundry | cf-release | 245 | Yes |
| Application | cloudfoundry | cf-release | 246 | Yes |
| Application | cloudfoundry | cf-release | 247 | Yes |
| Application | cloudfoundry | cf-release | 248 | Yes |
| Application | cloudfoundry | cf-release | 249 | Yes |
| Application | cloudfoundry | cf-release | 250 | Yes |
| Application | cloudfoundry | cf-release | 251 | Yes |
| Application | cloudfoundry | cf-release | 252 | Yes |
| Application | cloudfoundry | cf-release | 253 | Yes |
| Application | cloudfoundry | cf-release | 254 | Yes |
| Application | cloudfoundry | cf-release | 255 | Yes |
| Application | cloudfoundry | cf-release | 256 | Yes |
| Application | cloudfoundry | cf-release | 257 | Yes |
| Application | cloudfoundry | cf-release | 258 | Yes |
| Application | cloudfoundry | cf-release | 259 | Yes |
| Application | cloudfoundry | cf-release | 260 | Yes |
| Application | cloudfoundry | cf-release | 261 | Yes |
| Application | cloudfoundry | cf-release | 262 | Yes |
| Application | cloudfoundry | cf-release | 263 | Yes |
| Application | cloudfoundry | cf-release | 264 | Yes |
| Application | cloudfoundry | cf-release | 265 | Yes |
| Application | cloudfoundry | cf-release | 266 | Yes |
| Application | cloudfoundry | cf-release | 267 | Yes |
| Application | cloudfoundry | cf-release | 268 | Yes |
| Application | cloudfoundry | cf-release | 269 | Yes |