An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that belongs to a different user in a different org and space, aka an "Application Subdomain Takeover."
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published: 2017-11-28T07:00:00

Updated: 2024-08-05T19:27:40.603Z

Reserved: 2017-09-12T00:00:00

Link: CVE-2017-14389

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-11-28T07:29:00.303

Modified: 2024-11-21T03:12:41.227

Link: CVE-2017-14389

cve-icon Redhat

No data.