An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that belongs to a different user in a different org and space, aka an "Application Subdomain Takeover."
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.cloudfoundry.org/cve-2017-14389/ |
History
No history.
MITRE
Status: PUBLISHED
Assigner: dell
Published: 2017-11-28T07:00:00
Updated: 2024-08-05T19:27:40.603Z
Reserved: 2017-09-12T00:00:00
Link: CVE-2017-14389
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-11-28T07:29:00.303
Modified: 2024-11-21T03:12:41.227
Link: CVE-2017-14389
Redhat
No data.