CVE-2017-4970 Staticfile buildpack ignores basic authentication when misconfigured


Severity

High

Affected Pivotal Products and Versions

Severity is high unless otherwise noted.

  • Vulnerable Cloud Foundry components are individually listed here.
  • Pivotal products using CF components prior to the listed updated versions are vulnerable to this issue. See the Mitigation section below for more information.

Mitigation

Users of affected versions should apply the following mitigation:

  • For affected existing deployments, upgrade the Staticfile Buildpack to v1.44 or later and restage all applications that use the Staticfile Buildpack.
  • Please note: vulnerable versions of the Staticfile Buildpack were not included in any public releases of PCF Elastic Runtime.
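
One way to find the applications that need restaging after the buildpack upgrade, as an added example that is not part of the original advisory: it reads Cloud Foundry v2 API app listings (for instance saved from `cf curl`) and selects the apps whose requested or detected buildpack names the Staticfile Buildpack. The sample JSON, the app names and the helper function names are constructed for illustration, and the listing is assumed to cover only the currently targeted space.

```python
import json
import shlex

# Constructed sample of one page of a v2 app listing (not real data).
SAMPLE_PAGE = json.loads("""
{"next_url": null, "resources": [
  {"metadata": {"guid": "guid-1"},
   "entity": {"name": "docs-site", "state": "STARTED",
              "buildpack": null, "detected_buildpack": "staticfile"}},
  {"metadata": {"guid": "guid-2"},
   "entity": {"name": "api", "state": "STARTED",
              "buildpack": "java_buildpack", "detected_buildpack": null}},
  {"metadata": {"guid": "guid-3"},
   "entity": {"name": "landing", "state": "STOPPED",
              "buildpack": "https://github.com/cloudfoundry/staticfile-buildpack",
              "detected_buildpack": ""}}
]}
""")


def uses_staticfile(entity):
    """True if the requested or detected buildpack names the Staticfile Buildpack."""
    for field in ("buildpack", "detected_buildpack"):
        value = entity.get(field) or ""  # both fields may be null or empty
        if "staticfile" in value.lower():
            return True
    return False


def restage_candidates(pages):
    """Return sorted (name, state) pairs for apps staged with the Staticfile Buildpack."""
    found = set()
    for page in pages:  # one dict per page of the paginated listing
        for resource in page.get("resources", []):
            entity = resource.get("entity", {})
            if uses_staticfile(entity):
                found.add((entity.get("name", "<unnamed>"),
                           entity.get("state", "UNKNOWN")))
    return sorted(found)


def restage_commands(candidates):
    """Build one `cf restage` command per candidate, with the app name shell-quoted."""
    return ["cf restage " + shlex.quote(name) for name, _state in candidates]


if __name__ == "__main__":
    for command in restage_commands(restage_candidates([SAMPLE_PAGE])):
        print(command)
```

Review the printed commands before running them; apps pinned to a buildpack by Git URL are staged from that URL rather than from the upgraded system buildpack.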