All Vulnerability Reports

CVE-2017-8035: Cloud Controller API access to CC VM contents


Severity

Critical

References
Affected Pivotal Products and Versions

Severity is critical unless otherwise noted.

  • PCF Elastic Runtime:
    • All versions prior to 1.8.0
    • 1.8.x versions prior to 1.8.53
    • 1.9.x versions prior to 1.9.31
    • 1.10.x versions prior to 1.10.18
    • 1.11.x versions prior to 1.11.4
Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry team recommends upgrading BOSH stemcells and/or other OSS components listed here if applicable.
  • Releases that have fixed this issue include:
    • PCF Elastic Runtime: 1.8.53, 1.9.31, 1.10.18, 1.11.4