First published: Wed Apr 18 2018
Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for the service.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cloudfoundry Capi-release | <1.0.0 | |
Cloudfoundry Cloud Controller | | |
Cloudfoundry Cf-release | <237 | |
The severity of CVE-2016-2169 is medium with a severity value of 5.3.
CVE-2016-2169 refers to a business logic flaw in Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, where an application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for the service.
Cloudfoundry Capi-release versions prior to 1.0.0 and Cloudfoundry Cf-release versions prior to v237 are affected by CVE-2016-2169.
To fix CVE-2016-2169, update to Cloud Foundry Cloud Controller capi-release version 1.0.0 or later, and cf-release version v237 or later.
You can find more information about CVE-2016-2169 at the following link: [https://github.com/cloudfoundry/cloud_controller_ng/issues/568](https://github.com/cloudfoundry/cloud_controller_ng/issues/568)