Medium severity6.5NVD Advisory· Published Nov 28, 2017· Updated May 13, 2026

CVE-2017-14389

Description

An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that belongs to a different user in a different org and space, aka an "Application Subdomain Takeover."

Affected products

Cloudfoundry/Capi Release
cpe:2.3:a:cloudfoundry:capi-release:*:*:*:*:*:*:*:*
Range: <1.45.0
Cloudfoundry/Cf Deployment
cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*
Range: <1.0.0
Cloudfoundry/Cf Release
cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*
Range: <280

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.cloudfoundry.org/cve-2017-14389/nvdIssue TrackingThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000