All Vulnerability Reports

CVE-2017-8035: Cloud Controller API access to CC VM contents

Severity

Critical

References

• http://www.cloudfoundry.org/CVE-2017-8035

Affected VMware Products and Versions

Severity is critical unless otherwise noted.

• PCF Elastic Runtime:
  • All versions prior to 1.8.0
  • 1.8.x versions prior to 1.8.53
  • 1.9.x versions prior to 1.9.31
  • 1.10.x versions prior to 1.10.18
  • 1.11.x versions prior to 1.11.4

Mitigation

Users of affected versions should apply the following mitigation:

• The Cloud Foundry team recommends upgrading BOSH stemcells and/or other OSS components listed here if applicable.
• Releases that have fixed this issue include:
  • PCF Elastic Runtime: 1.8.53, 1.9.31, 1.10.18, 1.11.4