VIR Vulnerability Intelligence Relay

CVE-2017-8037

high
Published 2017-08-21 ยท Modified 2026-05-13
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
7.5

Description

In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure.

Predictions

Exploit likelihood
83%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Application impact
VendorProductVersionsFixed
cloudfoundrycapi-release1.7.0
cloudfoundrycapi-release1.8.0
cloudfoundrycapi-release1.9.0
cloudfoundrycapi-release1.10.0
cloudfoundrycapi-release1.11.0
cloudfoundrycapi-release1.12.0
cloudfoundrycapi-release1.13.0
cloudfoundrycapi-release1.14.0
cloudfoundrycapi-release1.15.0
cloudfoundrycapi-release1.16.0
cloudfoundrycapi-release1.17.0
cloudfoundrycapi-release1.18.0
cloudfoundrycapi-release1.19.0
cloudfoundrycapi-release1.20.0
cloudfoundrycapi-release1.21.0
cloudfoundrycapi-release1.22.0
cloudfoundrycapi-release1.23.0
cloudfoundrycapi-release1.24.0
cloudfoundrycapi-release1.25.0
cloudfoundrycapi-release1.26.0
cloudfoundrycapi-release1.27.0
cloudfoundrycapi-release1.28.0
cloudfoundrycapi-release1.29.0
cloudfoundrycapi-release1.30.0
cloudfoundrycapi-release1.31.0
cloudfoundrycapi-release1.32.0
cloudfoundrycapi-release1.33.0
cloudfoundrycapi-release1.34.0
cloudfoundrycapi-release1.35.0
cloudfoundrycapi-release1.36.0
cloudfoundrycapi-release1.37.0
cloudfoundrycf-release245
cloudfoundrycf-release246
cloudfoundrycf-release247
cloudfoundrycf-release248
cloudfoundrycf-release249
cloudfoundrycf-release250
cloudfoundrycf-release251
cloudfoundrycf-release252
cloudfoundrycf-release253
cloudfoundrycf-release254
cloudfoundrycf-release255
cloudfoundrycf-release256
cloudfoundrycf-release257
cloudfoundrycf-release258
cloudfoundrycf-release259
cloudfoundrycf-release260
cloudfoundrycf-release261
cloudfoundrycf-release262
cloudfoundrycf-release263
cloudfoundrycf-release264
cloudfoundrycf-release265
cloudfoundrycf-release266
cloudfoundrycf-release267
cloudfoundrycf-release268
cloudfoundrycf-release269

References

CWEs

CWE-200

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.