CVE-2017-14389
medium
CVSS v3
6.5
CVSS v2
4.0
VIR risk
6.5
Description
An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that belongs to a different user in a different org and space, aka an "Application Subdomain Takeover."
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| cloudfoundry | capi-release | {"endExcluding":"1.45.0"} | 1.45.0 |
| cloudfoundry | cf-deployment | {"endExcluding":"1.0.0"} | 1.0.0 |
| cloudfoundry | cf-release | {"endExcluding":"280"} | 280 |
References
Verify integrity in audit chain (admin only). AS-IS.