CVE-2017-4992: Privilege escalation with user invitations
Affected Pivotal Products and Versions
Severity is critical unless otherwise noted.
- PCF Elastic Runtime:
  - 1.6.x versions prior to 1.6.79
  - 1.7.x versions prior to 1.7.64
  - 1.8.x versions prior to 1.8.44
  - 1.9.x versions prior to 1.9.22
  - 1.10.x versions prior to 1.10.9
- PCF Operations Manager:
  - 1.7.x versions prior to 1.7.29
  - 1.8.x versions prior to 1.8.21
  - 1.9.x versions prior to 1.9.12
  - 1.10.x versions prior to 1.10.7
  - Note: Ops Manager 1.6.x and lower versions are not affected by this issue.
Users of affected versions should apply the following mitigation or upgrade:
- The Cloud Foundry team recommends upgrading BOSH stemcells and/or other OSS components listed here if applicable.
- Releases that have fixed this issue include:
  - PCF Elastic Runtime: 1.6.79, 1.7.64, 1.8.44, 1.9.22, 1.10.9
  - PCF Ops Manager: 1.7.29, 1.8.21, 1.9.12, 1.10.7
- Please contact Pivotal Support at https://support.pivotal.io if you need further assistance.