CVE-2017-4969 Bug in CC allows users to exceed quotas


Severity

High

References

Affected Pivotal Products and Versions

Severity is high unless otherwise noted.

  • Vulnerable Cloud Foundry components are individually listed here.
  • PCF Elastic Runtime:
    • 1.9.x versions prior to 1.9.14
    • 1.10.x versions prior to 1.10.1
  • Please note: earlier ERT versions (1.6.x - 1.8.x) are not affected by this issue.

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry team recommends upgrading BOSH stemcells and/or other OSS components listed here if applicable.
  • Upgrade Pivotal products using earlier versions of CF components to new versions linked above. On the Pivotal Network product page for each release, check the Depends On section and/or Release Notes for this information.
  • Releases that have fixed this issue include:
    • PCF Elastic Runtime: 1.9.14 and 1.10.1