{"id":"CVE-2017-8037","details":"In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure.","modified":"2026-04-11T16:54:21.792394Z","published":"2017-08-21T22:29:00.183Z","references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/100448"},{"type":"ADVISORY","url":"https://www.cloudfoundry.org/cve-2017-8037/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry-attic/cf-release","events":[{"introduced":"0"},{"last_affected":"1a84cd71377a1ac645f76c686156142ea0685067"},{"last_affected":"fa428609f711cceae2a606ce61e059d4009b5602"},{"last_affected":"0f31531424a0f1c22d78d56be8885e4c138e3c30"},{"last_affected":"594e989f1788e9136563c4b85caa25ffacd3db30"},{"last_affected":"c90227491db604dc085f10ed354d9a6faeaebe6b"},{"last_affected":"7bb139ef2aca118764929ef78d890260f6d183b5"},{"last_affected":"690e8155510acac067193f1076c74ce6312c0479"},{"last_affected":"4e2e687eb3f8ebe6081fc5dc447522b37d3847c3"},{"last_affected":"36a8a2417838f7311453ac5334f86976fbb3876d"},{"last_affected":"80a8305aa572d39773286ee0da0c5ba79803ceb9"},{"last_affected":"d5295bc2fb9e5d84254470c1fa5cd3ea10d80a05"},{"last_affected":"2dcce2b8f4f6a32915d3ab4b8f0abb5341971217"},{"last_affected":"0be81a4d256978fe7fa1a0facb4f427b02b19452"},{"last_affected":"8091cecf3513cb4cc658947d593dd7b039adbd30"},{"last_affected":"01ccfbbb01bb8824594f67529a4c325214507f08"},{"last_affected":"131c253c541e71d149ae3401052cc2431d257e77"},{"last_affected":"15987f53f54689140c81f045949f8908b3396746"},{"last_affected":"e601e5792123ea9b450621608cafd3f7c753f2f0"},{"last_affected":"44f00b3bf9479d462d35ab5e738b114a9ee6cc81"},{"last_affected":"33c346e5d62f5c5a228e3172a669ed7b242c322b"},{"last_affected":"8907dccdf77848aea42aa0a324cfa710e5ce34e3"},{"last_affected":"715b43f9943503f4ea3d23a2c48ccc37e9d5fecc"},{"last_affected":"5e4b27674062f8dfdc2fbf21ec8a21162cdd02ae"},{"last_affected":"befcb8a72297f8f132ee6cb4653d7d20cbd57041"},{"last_affected":"b31611aaecacf6c42a8ed226ac7d42a0974fccdc"}],"database_specific":{"cpe":["cpe:2.3:a:cloudfoundry:cf-release:245:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:246:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:247:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:248:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:249:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:250:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:251:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:252:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:253:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:254:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:255:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:256:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:257:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:258:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:259:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:260:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:261:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:262:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:263:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:264:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:265:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:266:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:267:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:268:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:269:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"0"},{"last_affected":"245"},{"last_affected":"246"},{"last_affected":"247"},{"last_affected":"248"},{"last_affected":"249"},{"last_affected":"250"},{"last_affected":"251"},{"last_affected":"252"},{"last_affected":"253"},{"last_affected":"254"},{"last_affected":"255"},{"last_affected":"256"},{"last_affected":"257"},{"last_affected":"258"},{"last_affected":"259"},{"last_affected":"260"},{"last_affected":"261"},{"last_affected":"262"},{"last_affected":"263"},{"last_affected":"264"},{"last_affected":"265"},{"last_affected":"266"},{"last_affected":"267"},{"last_affected":"268"},{"last_affected":"269"}],"source":"CPE_FIELD"}}],"versions":["-","list","log","rc145.0","scotty_09012012","v100","v102","v103","v104","v105","v109","v119","v132","v133","v134","v135","v136","v137","v140","v143","v156","v157","v161","v170","v183","v205","v245","v246","v247","v248","v249","v250","v251","v252","v253","v254","v255","v256","v257","v258","v259","v260","v261","v262","v263","v264","v265","v266","v267","v268","v269","v99","works-for-us"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-8037.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry/capi-release","events":[{"introduced":"0"},{"last_affected":"c952006df4174249d91e296c799ab54361822477"},{"last_affected":"c0e70a357b5cfa00c638da0ae66e0ec763743e2f"},{"last_affected":"303ba60a5f1b7c56cc9a6ce20a7129c3470507de"},{"last_affected":"6d348268ed9a60324fc3b72a51c177c4f010d55a"},{"last_affected":"450c7911604ebbde2cc7264225b399c0cbd03e34"},{"last_affected":"a61ed28be1fd1e28d4dce5db24da7d61f008a734"},{"last_affected":"17db718c3a9d9770dac94913f04c45280e7cf784"},{"last_affected":"bb629b4adb7884a367e138ad1941af60e139f53d"},{"last_affected":"6f21ff2945d8fb3a0bfbcbb0a1bb1b74ca128bb2"},{"last_affected":"36f4ae07a48fc30638603980717495445d241af4"},{"last_affected":"894101052cdc6fc05da38d6a0b622ce21a60d8e2"},{"last_affected":"f06d19aa9bf14dadb25365ec4791bf965fcf2332"},{"last_affected":"a6005ec62e459efbde2e32f261d168cf0deb8f0f"},{"last_affected":"8473afc0d6d91ddba237d19cc72d3a138ffcf202"},{"last_affected":"7f496a0ca0b1ef6fcd3d4db02a81b4c2523996a6"},{"last_affected":"9503da6c4dd59fd3b2503d517473a98b14a72768"},{"last_affected":"f3b6755d2258f0e863097b59c2e3e9eafd699587"},{"last_affected":"2429003d3e89e72c066a56664fcc24d5e2f4c497"},{"last_affected":"64b73ed9a73614c0901e7aac91cd5d936fe83f1a"},{"last_affected":"f8e925ce685417d1d564488efbc908b16aa095c1"},{"last_affected":"2103e744192c7884f08fa8a35e2625c313f5cd07"},{"last_affected":"a2ce1e83b6836f99734091f201a99905a405e9da"},{"last_affected":"5f22c8771030282d4fd59632074449c6747a4d71"},{"last_affected":"4b56eaf4acedf9310785e13141ad52de01e47604"},{"last_affected":"13b17376cd84b4af6cbd601cb242e7661310f0c7"},{"last_affected":"dec2856642c768ce37809eb2cdd5de9dd4c38843"},{"last_affected":"c436eb99139b137a4559ad281cd0683169241a00"},{"last_affected":"1e62b9609ca9d4fae40f1659b7b4b4c8fda5ca9c"},{"last_affected":"ae579cbaab4cfea17e5b85e4db9a83b4c8d52b23"},{"last_affected":"1f60b56430d5f541940d2748ee2bb148821670c8"},{"last_affected":"0a024c74ec9b3080a99a9ea5cebaa2c0b4aaf1bf"}],"database_specific":{"cpe":["cpe:2.3:a:cloudfoundry:capi-release:1.7.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.8.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.9.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.10.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.11.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.12.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.13.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.14.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.15.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.16.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.17.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.18.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.19.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.20.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.21.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.22.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.23.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.24.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.25.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.26.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.27.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.28.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.29.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.30.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.31.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.32.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.33.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.34.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.35.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.36.0:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:capi-release:1.37.0:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"0"},{"last_affected":"1.7.0"},{"last_affected":"1.8.0"},{"last_affected":"1.9.0"},{"last_affected":"1.10.0"},{"last_affected":"1.11.0"},{"last_affected":"1.12.0"},{"last_affected":"1.13.0"},{"last_affected":"1.14.0"},{"last_affected":"1.15.0"},{"last_affected":"1.16.0"},{"last_affected":"1.17.0"},{"last_affected":"1.18.0"},{"last_affected":"1.19.0"},{"last_affected":"1.20.0"},{"last_affected":"1.21.0"},{"last_affected":"1.22.0"},{"last_affected":"1.23.0"},{"last_affected":"1.24.0"},{"last_affected":"1.25.0"},{"last_affected":"1.26.0"},{"last_affected":"1.27.0"},{"last_affected":"1.28.0"},{"last_affected":"1.29.0"},{"last_affected":"1.30.0"},{"last_affected":"1.31.0"},{"last_affected":"1.32.0"},{"last_affected":"1.33.0"},{"last_affected":"1.34.0"},{"last_affected":"1.35.0"},{"last_affected":"1.36.0"},{"last_affected":"1.37.0"}],"source":"CPE_FIELD"}}],"versions":["1.0.0","1.1.0","1.10.0","1.11.0","1.12.0","1.13.0","1.14.0","1.15.0","1.16.0","1.17.0","1.18.0","1.19.0","1.2.0","1.20.0","1.21.0","1.22.0","1.23.0","1.24.0","1.25.0","1.26.0","1.27.0","1.28.0","1.29.0","1.3.0","1.30.0","1.31.0","1.32.0","1.33.0","1.34.0","1.35.0","1.36.0","1.37.0","1.4.0","1.5.0","1.6.0","1.7.0","1.8.0","1.9.0","v1.0.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-8037.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}