CVE-2017-14389
First published: Tue Nov 28 2017(Updated: )
An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that belongs to a different user in a different org and space, aka an "Application Subdomain Takeover."
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cloudfoundry Capi-release | <1.45.0 | |
| Cloudfoundry Cf-deployment | <1.0.0 | |
| Cloudfoundry Cf-release | <280 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2017-14389.
What is the severity level of CVE-2017-14389?
The severity level of CVE-2017-14389 is medium.
Which software versions are affected by CVE-2017-14389?
CVE-2017-14389 affects all versions prior to capi-release 1.45.0, cf-deployment 1.0.0, and cf-release 280.
What is the issue with the Cloud Controller in CVE-2017-14389?
The Cloud Controller in CVE-2017-14389 does not prevent space developers from creating subdomains to an already existing route.
Where can I find more information about CVE-2017-14389?
More information about CVE-2017-14389 can be found at https://www.cloudfoundry.org/cve-2017-14389/
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/event
- agent/description
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/cloudfoundry
- canonical/cloudfoundry capi-release
- canonical/cloudfoundry cf-deployment
- canonical/cloudfoundry cf-release