High severity7.5NVD Advisory· Published Jul 25, 2017· Updated May 13, 2026

CVE-2017-8035

Description

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation.

Affected products

Cloudfoundry/Capi Release
cpe:2.3:a:cloudfoundry:capi-release:*:*:*:*:*:*:*:*
Range: >=1.7.0,<1.35.0
Cloudfoundry/Cf Release
cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*
Range: >=245,<268
N/a/Cloud Controllerv5
Range: Cloud Controller

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.cloudfoundry.org/cve-2017-8035/nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000