CVE-2017-8032
First published: Mon Jul 10 2017(Updated: )
In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.17, 24.x versions prior to v24.12. 30.x versions prior to 30.5, and other versions prior to v41, zone administrators are allowed to escalate their privileges when mapping permissions for an external provider.
Credit: security_alert@emc.com security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.cloudfoundry.identity:cloudfoundry-identity-server | >=4.0.0<4.4.0 | 4.4.0 |
| maven/org.cloudfoundry.identity:cloudfoundry-identity-server | >=3.10.0<3.20.0 | 3.20.0 |
| maven/org.cloudfoundry.identity:cloudfoundry-identity-server | >=3.7.0<3.9.15 | 3.9.15 |
| maven/org.cloudfoundry.identity:cloudfoundry-identity-server | <3.6.13 | 3.6.13 |
| Cloud Foundry User Account and Authentication (UAA) | =2.2.5.4 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.7.1 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.7.2 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.7.3 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.7.4 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.7.4.1 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.7.4.2 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.7.4.3 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.7.4.4 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.7.4.5 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.7.4.6 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.7.4.7 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.7.4.8 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.7.4.9 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.7.4.11 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.7.4.12 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.7.4.13 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.7.4.14 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.7.4.15 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.7.4.16 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.6.1 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.6.2 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.6.3 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.6.4 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.6.5 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.6.6 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.6.7 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.6.8 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.6.9 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.6.10 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.6.11 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.6.12 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.9.1 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.9.2 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.9.3 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.9.4 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.9.5 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.9.6 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.9.7 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.9.8 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.9.9 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.9.10 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.9.11 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.9.12 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.9.13 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.9.14 | |
| Cloud Foundry UAA | <=40 | |
| Cloud Foundry UAA | =13.1 | |
| Cloud Foundry UAA | =13.2 | |
| Cloud Foundry UAA | =13.3 | |
| Cloud Foundry UAA | =13.4 | |
| Cloud Foundry UAA | =13.5 | |
| Cloud Foundry UAA | =13.6 | |
| Cloud Foundry UAA | =13.7 | |
| Cloud Foundry UAA | =13.8 | |
| Cloud Foundry UAA | =13.9 | |
| Cloud Foundry UAA | =13.10 | |
| Cloud Foundry UAA | =13.11 | |
| Cloud Foundry UAA | =13.12 | |
| Cloud Foundry UAA | =13.13 | |
| Cloud Foundry UAA | =13.14 | |
| Cloud Foundry UAA | =13.15 | |
| Cloud Foundry UAA | =13.16 | |
| Cloud Foundry UAA | =24 | |
| Cloud Foundry UAA | =24.1 | |
| Cloud Foundry UAA | =24.2 | |
| Cloud Foundry UAA | =24.3 | |
| Cloud Foundry UAA | =24.4 | |
| Cloud Foundry UAA | =24.5 | |
| Cloud Foundry UAA | =24.6 | |
| Cloud Foundry UAA | =24.7 | |
| Cloud Foundry UAA | =24.8 | |
| Cloud Foundry UAA | =24.9 | |
| Cloud Foundry UAA | =24.10 | |
| Cloud Foundry UAA | =24.11 | |
| Cloud Foundry UAA | =30 | |
| Cloud Foundry UAA | =30.1 | |
| Cloud Foundry UAA | =30.2 | |
| Cloud Foundry UAA | =30.3 | |
| Cloud Foundry UAA | =30.4 | |
| Cloud Foundry Cf-networking | <=263 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cloudfoundry.org/cve-2017-8032/
- https://nvd.nist.gov/vuln/detail/CVE-2017-8032
- https://github.com/cloudfoundry/uaa/commit/2c10c43f04cf31e9f8f496cd218bfc773dfc149
- https://github.com/cloudfoundry/uaa/commit/4e4d653edb6b8f68e12b7c415e07e068b1574b8
- https://github.com/cloudfoundry/uaa/commit/aa308c463eaec96704198c2686306c9fc42f126e
- https://github.com/cloudfoundry/uaa/commit/ea8c0ce7740a5d756d9f11964f6a6b4df54cc3b2
- https://www.cloudfoundry.org/cve-2017-8032
- https://github.com/advisories/GHSA-9frw-wmvq-5rrc (Advisory)
Frequently Asked Questions
What is the severity of CVE-2017-8032?
The severity of CVE-2017-8032 is classified as medium, impacting certain versions of Cloud Foundry UAA and cf-release.
How do I fix CVE-2017-8032?
To fix CVE-2017-8032, upgrade to the specified remedial versions such as Cloud Foundry UAA version 4.4.0 or 3.20.0.
Which versions of Cloud Foundry are affected by CVE-2017-8032?
CVE-2017-8032 affects Cloud Foundry cf-release versions prior to v264 and various UAA versions detailed in the vulnerability description.
Is there a patch available for CVE-2017-8032?
Yes, patches are available in the form of upgrades to the mentioned remedial versions of Cloud Foundry UAA.
What are the consequences of not addressing CVE-2017-8032?
Failure to address CVE-2017-8032 may result in unauthorized access to user accounts or other security vulnerabilities.
- agent/type
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-9frw-wmvq-5rrc
- alias/CVE-2017-8032
- agent/software-canonical-lookup
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/author
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- package-manager/maven
- vendor/pivotal software
- canonical/cloud foundry user account and authentication (uaa)
- version/cloud foundry user account and authentication (uaa)/2.2.5.4
- version/cloud foundry user account and authentication (uaa)/2.7.1
- version/cloud foundry user account and authentication (uaa)/2.7.2
- version/cloud foundry user account and authentication (uaa)/2.7.3
- version/cloud foundry user account and authentication (uaa)/2.7.4
- version/cloud foundry user account and authentication (uaa)/2.7.4.1
- version/cloud foundry user account and authentication (uaa)/2.7.4.2
- version/cloud foundry user account and authentication (uaa)/2.7.4.3
- version/cloud foundry user account and authentication (uaa)/2.7.4.4
- version/cloud foundry user account and authentication (uaa)/2.7.4.5
- version/cloud foundry user account and authentication (uaa)/2.7.4.6
- version/cloud foundry user account and authentication (uaa)/2.7.4.7
- version/cloud foundry user account and authentication (uaa)/2.7.4.8
- version/cloud foundry user account and authentication (uaa)/2.7.4.9
- version/cloud foundry user account and authentication (uaa)/2.7.4.11
- version/cloud foundry user account and authentication (uaa)/2.7.4.12
- version/cloud foundry user account and authentication (uaa)/2.7.4.13
- version/cloud foundry user account and authentication (uaa)/2.7.4.14
- version/cloud foundry user account and authentication (uaa)/2.7.4.15
- version/cloud foundry user account and authentication (uaa)/2.7.4.16
- version/cloud foundry user account and authentication (uaa)/3.6.1
- version/cloud foundry user account and authentication (uaa)/3.6.2
- version/cloud foundry user account and authentication (uaa)/3.6.3
- version/cloud foundry user account and authentication (uaa)/3.6.4
- version/cloud foundry user account and authentication (uaa)/3.6.5
- version/cloud foundry user account and authentication (uaa)/3.6.6
- version/cloud foundry user account and authentication (uaa)/3.6.7
- version/cloud foundry user account and authentication (uaa)/3.6.8
- version/cloud foundry user account and authentication (uaa)/3.6.9
- version/cloud foundry user account and authentication (uaa)/3.6.10
- version/cloud foundry user account and authentication (uaa)/3.6.11
- version/cloud foundry user account and authentication (uaa)/3.6.12
- version/cloud foundry user account and authentication (uaa)/3.9.1
- version/cloud foundry user account and authentication (uaa)/3.9.2
- version/cloud foundry user account and authentication (uaa)/3.9.3
- version/cloud foundry user account and authentication (uaa)/3.9.4
- version/cloud foundry user account and authentication (uaa)/3.9.5
- version/cloud foundry user account and authentication (uaa)/3.9.6
- version/cloud foundry user account and authentication (uaa)/3.9.7
- version/cloud foundry user account and authentication (uaa)/3.9.8
- version/cloud foundry user account and authentication (uaa)/3.9.9
- version/cloud foundry user account and authentication (uaa)/3.9.10
- version/cloud foundry user account and authentication (uaa)/3.9.11
- version/cloud foundry user account and authentication (uaa)/3.9.12
- version/cloud foundry user account and authentication (uaa)/3.9.13
- version/cloud foundry user account and authentication (uaa)/3.9.14
- vendor/cloudfoundry
- canonical/cloud foundry uaa
- version/cloud foundry uaa/40
- version/cloud foundry uaa/13.1
- version/cloud foundry uaa/13.2
- version/cloud foundry uaa/13.3
- version/cloud foundry uaa/13.4
- version/cloud foundry uaa/13.5
- version/cloud foundry uaa/13.6
- version/cloud foundry uaa/13.7
- version/cloud foundry uaa/13.8
- version/cloud foundry uaa/13.9
- version/cloud foundry uaa/13.10
- version/cloud foundry uaa/13.11
- version/cloud foundry uaa/13.12
- version/cloud foundry uaa/13.13
- version/cloud foundry uaa/13.14
- version/cloud foundry uaa/13.15
- version/cloud foundry uaa/13.16
- version/cloud foundry uaa/24
- version/cloud foundry uaa/24.1
- version/cloud foundry uaa/24.2
- version/cloud foundry uaa/24.3
- version/cloud foundry uaa/24.4
- version/cloud foundry uaa/24.5
- version/cloud foundry uaa/24.6
- version/cloud foundry uaa/24.7
- version/cloud foundry uaa/24.8
- version/cloud foundry uaa/24.9
- version/cloud foundry uaa/24.10
- version/cloud foundry uaa/24.11
- version/cloud foundry uaa/30
- version/cloud foundry uaa/30.1
- version/cloud foundry uaa/30.2
- version/cloud foundry uaa/30.3
- version/cloud foundry uaa/30.4
- canonical/cloud foundry cf-networking
- version/cloud foundry cf-networking/263