CVE-2017-14389

Published: Nov 28, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that belongs to a different user in a different org and space, aka an "Application Subdomain Takeover."

Vendor	Product	Versions
n/a	Cloud Foundry capi-release: All versions prior to 1.45.0, cf-release: All versions prior to v280, cf-deployment: All versions prior to v1.0.0	affected `Cloud Foundry capi-release: All versions prior to 1.45.0, cf-release: All versions prior to v280, cf-deployment: All versions prior to v1.0.0`

References

https://www.cloudfoundry.org/cve-2017-14389/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-14389

Description

Affected Products

References