VYPR
Medium severity6.5NVD Advisory· Published Nov 28, 2017· Updated Jun 17, 2026

CVE-2017-14389

CVE-2017-14389

Description

An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that belongs to a different user in a different org and space, aka an "Application Subdomain Takeover."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • cpe:2.3:a:cloudfoundry:capi-release:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:cloudfoundry:capi-release:*:*:*:*:*:*:*:*range: <1.45.0
    • (no CPE)range: <1.45.0
  • cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*range: <1.0.0
    • (no CPE)range: <v1.0.0
  • cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*range: <280
    • (no CPE)range: <v280

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.