What is the severity of CVE-2017-8048?

CVE-2017-8048 has a critical severity level due to the potential for arbitrary code execution on the Cloud Controller VM.

What versions are affected by CVE-2017-8048?

CVE-2017-8048 affects Cloud Foundry capi-release versions 1.33.0 to 1.41.0 and cf-release versions 268 to 273.

How do I fix CVE-2017-8048?

To fix CVE-2017-8048, upgrade to capi-release version 1.42.0 or later and cf-release version 274 or later.

What type of vulnerabilities does CVE-2017-8048 represent?

CVE-2017-8048 represents a security vulnerability that allows space developers to execute arbitrary code.

Can unauthorized users exploit CVE-2017-8048?

Yes, unauthorized users with space developer roles can exploit CVE-2017-8048 due to its design flaw.

Vulnerability/
CVE-2017-8048

high

7.8

3/10/2017

5/8/2024

CVE-2017-8048

First published: Tue Oct 03 2017(Updated: )

In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275.

Credit: security_alert@emc.com

Affected Software	Affected Version	How to fix
Cloud Foundry CF Release	=268
Cloud Foundry CF Release	=269
Cloud Foundry CF Release	=270
Cloud Foundry CF Release	=271
Cloud Foundry CF Release	=272
Cloud Foundry CF Release	=273
Pivotal CAPI Release	=1.33.0
Pivotal CAPI Release	=1.34.0
Pivotal CAPI Release	=1.35.0
Pivotal CAPI Release	=1.36.0
Pivotal CAPI Release	=1.37.0
Pivotal CAPI Release	=1.38.0
Pivotal CAPI Release	=1.39.0
Pivotal CAPI Release	=1.40.0
Pivotal CAPI Release	=1.41.0

Never miss a vulnerability like this again

Reference Links

https://www.cloudfoundry.org/cve-2017-8048/

Frequently Asked Questions

What is the severity of CVE-2017-8048?
CVE-2017-8048 has a critical severity level due to the potential for arbitrary code execution on the Cloud Controller VM.
What versions are affected by CVE-2017-8048?
CVE-2017-8048 affects Cloud Foundry capi-release versions 1.33.0 to 1.41.0 and cf-release versions 268 to 273.
How do I fix CVE-2017-8048?
To fix CVE-2017-8048, upgrade to capi-release version 1.42.0 or later and cf-release version 274 or later.
What type of vulnerabilities does CVE-2017-8048 represent?
CVE-2017-8048 represents a security vulnerability that allows space developers to execute arbitrary code.
Can unauthorized users exploit CVE-2017-8048?
Yes, unauthorized users with space developer roles can exploit CVE-2017-8048 due to its design flaw.

agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/author
agent/references
agent/first-publish-date
agent/description
agent/event
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cloudfoundry
canonical/cloud foundry cf release
version/cloud foundry cf release/268
version/cloud foundry cf release/269
version/cloud foundry cf release/270
version/cloud foundry cf release/271
version/cloud foundry cf release/272
version/cloud foundry cf release/273
vendor/pivotal
canonical/pivotal capi release
version/pivotal capi release/1.33.0
version/pivotal capi release/1.34.0
version/pivotal capi release/1.35.0
version/pivotal capi release/1.36.0
version/pivotal capi release/1.37.0
version/pivotal capi release/1.38.0
version/pivotal capi release/1.39.0
version/pivotal capi release/1.40.0
version/pivotal capi release/1.41.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2017-8048?
CVE-2017-8048 has a critical severity level due to the potential for arbitrary code execution on the Cloud Controller VM.
What versions are affected by CVE-2017-8048?
CVE-2017-8048 affects Cloud Foundry capi-release versions 1.33.0 to 1.41.0 and cf-release versions 268 to 273.
How do I fix CVE-2017-8048?
To fix CVE-2017-8048, upgrade to capi-release version 1.42.0 or later and cf-release version 274 or later.
What type of vulnerabilities does CVE-2017-8048 represent?
CVE-2017-8048 represents a security vulnerability that allows space developers to execute arbitrary code.
Can unauthorized users exploit CVE-2017-8048?
Yes, unauthorized users with space developer roles can exploit CVE-2017-8048 due to its design flaw.