Medium severity6.5NVD Advisory· Published Nov 28, 2017· Updated Jun 17, 2026
CVE-2017-14389
CVE-2017-14389
Description
An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that belongs to a different user in a different org and space, aka an "Application Subdomain Takeover."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6cpe:2.3:a:cloudfoundry:capi-release:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:cloudfoundry:capi-release:*:*:*:*:*:*:*:*range: <1.45.0
- (no CPE)range: <1.45.0
cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*range: <1.0.0
- (no CPE)range: <v1.0.0
cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*range: <280
- (no CPE)range: <v280
Patches
Vulnerability mechanics
References
1- www.cloudfoundry.org/cve-2017-14389/nvdIssue TrackingThird Party Advisory
News mentions
0No linked articles in our index yet.