cvelistv5 - CVE-2017-8032

CVE-2017-8032

Vulnerability from cvelistv5

Published

2017-07-10 20:00

Modified

2024-08-05 16:19

Severity ?

Summary

In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.17, 24.x versions prior to v24.12. 30.x versions prior to 30.5, and other versions prior to v41, zone administrators are allowed to escalate their privileges when mapping permissions for an external provider.

References

▼	URL	Tags
	security_alert@emc.com	https://www.cloudfoundry.org/cve-2017-8032/	Mitigation, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.cloudfoundry.org/cve-2017-8032/	Mitigation, Vendor Advisory

Impacted products

Vendor

Product

Version

▼

n/a

Cloud Foundry

Version: Cloud Foundry

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:19:29.855Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.cloudfoundry.org/cve-2017-8032/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cloud Foundry",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cloud Foundry"
            }
          ]
        }
      ],
      "datePublic": "2017-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.17, 24.x versions prior to v24.12. 30.x versions prior to 30.5, and other versions prior to v41, zone administrators are allowed to escalate their privileges when mapping permissions for an external provider."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Admin Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T19:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.cloudfoundry.org/cve-2017-8032/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2017-8032",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cloud Foundry",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cloud Foundry"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.17, 24.x versions prior to v24.12. 30.x versions prior to 30.5, and other versions prior to v41, zone administrators are allowed to escalate their privileges when mapping permissions for an external provider."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Admin Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cloudfoundry.org/cve-2017-8032/",
              "refsource": "CONFIRM",
              "url": "https://www.cloudfoundry.org/cve-2017-8032/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2017-8032",
    "datePublished": "2017-07-10T20:00:00",
    "dateReserved": "2017-04-21T00:00:00",
    "dateUpdated": "2024-08-05T16:19:29.855Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.2.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"942E59F5-172F-4802-81AE-D43E72189889\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ACFDEF8D-9BE5-43ED-8E1D-2B63A1294EDF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"504AA7E0-D1F5-4097-B53B-F0E36328B1EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0DCD6CB7-5D49-4897-8353-44E5B08D9375\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1B4C4EB-3337-4053-BA4B-93A849263A42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9339A684-B1F0-4110-9E48-A04BED74DC2C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F35CCB74-63A3-4F95-9EAE-ADC5A8BACB99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2A1BAE9-FCB6-458E-A1A6-03F0AB742E5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2261C887-8179-4BBA-A2CF-174F8F3017FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6EED2616-E58D-4604-BBBC-AC24BCA068A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"916733EA-F51A-49E2-9D47-9B713B36C847\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA1887F9-EB71-41AE-9E45-DD86A54AA958\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7D01A32-98DA-4F7F-B7A0-D1695478C208\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C57AACB-1ECA-4047-A8AA-D768DA54BB86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D164FF1-D85D-4800-A726-465A32974BEF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CAC5B15-895E-43CA-AFE1-EE7E06EF08D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10286C78-A413-4FD3-B7F7-39C17A50D75C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D022F9B-4877-4A97-AE22-BAF579B38DE6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87D2BF0D-963C-430F-A4FE-F452F15035BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D8C3C5E-E942-483A-A914-CC57DDCB6EAB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D741750F-DC85-4701-90F7-4AE00DB04B0C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E126E318-6572-4BC3-8FA4-835AC49432C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A5B622B-C14C-4160-ACFD-CD2AB3786828\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EBE0A85A-5B1A-49E0-8FC7-4A68505B6506\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8E3CEAB-E58E-4870-A719-F46D6DE2E710\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3DEDD149-4BBB-47A1-8E23-2247DCF9C13C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"225B90A0-757D-4406-9EC1-A31968CC7F87\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC8157B8-A26B-4148-A02A-DBEC662FE701\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F74AEAE-D823-4B1A-9979-0739F6BA17CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21FC35CD-79D1-4279-B719-6398C6636113\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5053FDB3-E711-434A-A6A6-4C580A2FF43A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E909E6B8-AD6F-4B96-968D-A6C952462C26\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6955DB34-FA12-41A6-A90F-456777ADEB81\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B92D875-509C-42BE-90E4-112C94170199\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"166C908D-7D5F-43DD-B3EA-BAFF23DBBDAC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B83917A-D326-4874-AD82-0DBD131DC0EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5C19F44-AB0F-44BB-A298-F81B853FA71D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B981590F-0649-4BBA-AB5F-CC5C7858DFF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A36B9F9-6D45-4D84-869A-25131BF482BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FADC5C69-1910-4D19-97B2-B44A594B8B34\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5314895-961D-4D2B-A0C9-1B23C03317CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA5A5B1C-7111-464E-9F49-D13621233AC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A6E52B8-7635-4376-AFAD-935DB44B923C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C97CB502-CE1E-4B63-88D0-7A826C825B84\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F3AAD33-275B-4FF1-9434-BEE85543F7B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18EEF16B-A74C-401A-913B-E3E9DA99EC68\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"40\", \"matchCriteriaId\": \"420CF106-9916-4219-A4E1-AA907EE68955\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C24E2CE5-6DBA-4B45-951D-0F7189C9A94D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0EB01AB-A033-4DCC-B433-0674078E31DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"749B1CBF-6297-4F4D-970D-25D1D0A88AE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C369E22-27DF-40B3-B94F-45DFC47E6A60\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"15A2FE05-FC02-4FC1-B9B3-40E4EC62C5D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A4975D0-2C4D-4883-A849-D434FB8A7E2E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E85B347-27E2-4EF9-9CF0-13902EC4741D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"93081AC1-C07E-4E6D-8B1E-8D561461FEB4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4F6208B-7FA5-4177-8942-2037BEE99546\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD8DA4C6-BCA9-4959-82FC-2596C6EBD6E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8120A442-6A3D-4918-A829-A84B2B9694E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D7AF658-FFBB-49AB-8A44-9989A7FEC707\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC42F184-AFEC-4992-BFEF-B410CDF1452A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"147C8C7B-F6C6-4338-A181-BF450C53C14B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"555B74DE-E5D6-493B-96B4-87C636104B64\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"44E995D9-D404-4A19-BDD8-C911A1A2AD90\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A090F790-1A28-4238-8727-3F9475706A9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AEFE0727-C152-4726-A70E-C75BACD31071\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"38D708B8-485D-445E-8A21-474A500F1184\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4B8A221-8740-4D35-871D-EABDB2F8332D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A426C1DD-0C64-468A-B96E-B0B94FFF0A89\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEFEEACE-5BED-4507-A770-69D36F478791\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"860B073C-AC50-473C-9650-7421F3638FB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B44C3F2-5AC4-4D05-BAF0-EFDFB3FDC3BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2BBC265-7026-469B-BB30-D7DB7A334A65\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08E99F4C-6BB5-415E-A5F3-285A3219EEF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03E24F1B-C999-4C02-BFDD-00F1E2A53E45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21D145BD-EEAC-4434-9435-A3676A15DD90\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"75D365CB-5BDA-4387-AA3E-2F02B552162F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E80E3184-345D-4C78-ABAA-94B3D9A53252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F654A04-B949-415D-982A-7341486B2B01\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CEF9F58F-1387-4D84-932F-8CC8F380E797\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31EB573D-313D-4DB4-8820-E99AE4FCA210\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_cf:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"263\", \"matchCriteriaId\": \"8AB2BFCD-60E5-481A-9FCB-E2937CD9ECBE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.17, 24.x versions prior to v24.12. 30.x versions prior to 30.5, and other versions prior to v41, zone administrators are allowed to escalate their privileges when mapping permissions for an external provider.\"}, {\"lang\": \"es\", \"value\": \"En cf-release de Cloud Foundry versiones anteriores a 264; UAA libera todas las versiones de UAA v2.x.x, versi\\u00f3n 3.6.x anteriores a 3.6.13, versi\\u00f3n 3.9.x anteriores a 3.9.15, versiones 3.20.x anteriores a v3.20.0, y otras versiones anteriores a v4.4.0; y versiones de UAA bosh release (uaa-release) versi\\u00f3n 13.x anteriores a v13.17, versi\\u00f3n 24.x anteriores a 24.12. 30.x versiones anteriores a 30.5, y otras versiones anteriores a 41, los administradores de zona pueden escalar sus privilegios al asignar permisos para un proveedor externo.\"}]",
      "id": "CVE-2017-8032",
      "lastModified": "2024-11-21T03:33:11.267",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.6, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.7, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 6.8, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-07-10T20:29:00.860",
      "references": "[{\"url\": \"https://www.cloudfoundry.org/cve-2017-8032/\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://www.cloudfoundry.org/cve-2017-8032/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "security_alert@emc.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-8032\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2017-07-10T20:29:00.860\",\"lastModified\":\"2024-11-21T03:33:11.267\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.17, 24.x versions prior to v24.12. 30.x versions prior to 30.5, and other versions prior to v41, zone administrators are allowed to escalate their privileges when mapping permissions for an external provider.\"},{\"lang\":\"es\",\"value\":\"En cf-release de Cloud Foundry versiones anteriores a 264; UAA libera todas las versiones de UAA v2.x.x, versi\u00f3n 3.6.x anteriores a 3.6.13, versi\u00f3n 3.9.x anteriores a 3.9.15, versiones 3.20.x anteriores a v3.20.0, y otras versiones anteriores a v4.4.0; y versiones de UAA bosh release (uaa-release) versi\u00f3n 13.x anteriores a v13.17, versi\u00f3n 24.x anteriores a 24.12. 30.x versiones anteriores a 30.5, y otras versiones anteriores a 41, los administradores de zona pueden escalar sus privilegios al asignar permisos para un proveedor externo.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.7,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:P/A:P\",\"baseScore\":6.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.2.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"942E59F5-172F-4802-81AE-D43E72189889\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACFDEF8D-9BE5-43ED-8E1D-2B63A1294EDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"504AA7E0-D1F5-4097-B53B-F0E36328B1EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DCD6CB7-5D49-4897-8353-44E5B08D9375\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1B4C4EB-3337-4053-BA4B-93A849263A42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9339A684-B1F0-4110-9E48-A04BED74DC2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F35CCB74-63A3-4F95-9EAE-ADC5A8BACB99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2A1BAE9-FCB6-458E-A1A6-03F0AB742E5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2261C887-8179-4BBA-A2CF-174F8F3017FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EED2616-E58D-4604-BBBC-AC24BCA068A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"916733EA-F51A-49E2-9D47-9B713B36C847\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA1887F9-EB71-41AE-9E45-DD86A54AA958\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7D01A32-98DA-4F7F-B7A0-D1695478C208\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C57AACB-1ECA-4047-A8AA-D768DA54BB86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D164FF1-D85D-4800-A726-465A32974BEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CAC5B15-895E-43CA-AFE1-EE7E06EF08D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10286C78-A413-4FD3-B7F7-39C17A50D75C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D022F9B-4877-4A97-AE22-BAF579B38DE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87D2BF0D-963C-430F-A4FE-F452F15035BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D8C3C5E-E942-483A-A914-CC57DDCB6EAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D741750F-DC85-4701-90F7-4AE00DB04B0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E126E318-6572-4BC3-8FA4-835AC49432C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A5B622B-C14C-4160-ACFD-CD2AB3786828\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBE0A85A-5B1A-49E0-8FC7-4A68505B6506\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8E3CEAB-E58E-4870-A719-F46D6DE2E710\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DEDD149-4BBB-47A1-8E23-2247DCF9C13C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"225B90A0-757D-4406-9EC1-A31968CC7F87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC8157B8-A26B-4148-A02A-DBEC662FE701\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F74AEAE-D823-4B1A-9979-0739F6BA17CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21FC35CD-79D1-4279-B719-6398C6636113\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5053FDB3-E711-434A-A6A6-4C580A2FF43A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E909E6B8-AD6F-4B96-968D-A6C952462C26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6955DB34-FA12-41A6-A90F-456777ADEB81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B92D875-509C-42BE-90E4-112C94170199\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"166C908D-7D5F-43DD-B3EA-BAFF23DBBDAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B83917A-D326-4874-AD82-0DBD131DC0EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5C19F44-AB0F-44BB-A298-F81B853FA71D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B981590F-0649-4BBA-AB5F-CC5C7858DFF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A36B9F9-6D45-4D84-869A-25131BF482BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FADC5C69-1910-4D19-97B2-B44A594B8B34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5314895-961D-4D2B-A0C9-1B23C03317CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA5A5B1C-7111-464E-9F49-D13621233AC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A6E52B8-7635-4376-AFAD-935DB44B923C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C97CB502-CE1E-4B63-88D0-7A826C825B84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F3AAD33-275B-4FF1-9434-BEE85543F7B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18EEF16B-A74C-401A-913B-E3E9DA99EC68\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"40\",\"matchCriteriaId\":\"420CF106-9916-4219-A4E1-AA907EE68955\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C24E2CE5-6DBA-4B45-951D-0F7189C9A94D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0EB01AB-A033-4DCC-B433-0674078E31DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"749B1CBF-6297-4F4D-970D-25D1D0A88AE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C369E22-27DF-40B3-B94F-45DFC47E6A60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15A2FE05-FC02-4FC1-B9B3-40E4EC62C5D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A4975D0-2C4D-4883-A849-D434FB8A7E2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E85B347-27E2-4EF9-9CF0-13902EC4741D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93081AC1-C07E-4E6D-8B1E-8D561461FEB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4F6208B-7FA5-4177-8942-2037BEE99546\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD8DA4C6-BCA9-4959-82FC-2596C6EBD6E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8120A442-6A3D-4918-A829-A84B2B9694E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D7AF658-FFBB-49AB-8A44-9989A7FEC707\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC42F184-AFEC-4992-BFEF-B410CDF1452A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"147C8C7B-F6C6-4338-A181-BF450C53C14B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"555B74DE-E5D6-493B-96B4-87C636104B64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44E995D9-D404-4A19-BDD8-C911A1A2AD90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A090F790-1A28-4238-8727-3F9475706A9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEFE0727-C152-4726-A70E-C75BACD31071\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38D708B8-485D-445E-8A21-474A500F1184\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4B8A221-8740-4D35-871D-EABDB2F8332D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A426C1DD-0C64-468A-B96E-B0B94FFF0A89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEFEEACE-5BED-4507-A770-69D36F478791\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"860B073C-AC50-473C-9650-7421F3638FB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B44C3F2-5AC4-4D05-BAF0-EFDFB3FDC3BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2BBC265-7026-469B-BB30-D7DB7A334A65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08E99F4C-6BB5-415E-A5F3-285A3219EEF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03E24F1B-C999-4C02-BFDD-00F1E2A53E45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21D145BD-EEAC-4434-9435-A3676A15DD90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75D365CB-5BDA-4387-AA3E-2F02B552162F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E80E3184-345D-4C78-ABAA-94B3D9A53252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F654A04-B949-415D-982A-7341486B2B01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEF9F58F-1387-4D84-932F-8CC8F380E797\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31EB573D-313D-4DB4-8820-E99AE4FCA210\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_cf:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"263\",\"matchCriteriaId\":\"8AB2BFCD-60E5-481A-9FCB-E2937CD9ECBE\"}]}]}],\"references\":[{\"url\":\"https://www.cloudfoundry.org/cve-2017-8032/\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.cloudfoundry.org/cve-2017-8032/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}"
  }
}

ghsa-9frw-wmvq-5rrc

Vulnerability from github

Published

2022-05-13 01:07

Modified

2024-03-01 20:07

Severity ?

6.6 (Medium) - CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

Cloud Foundry UAA Identity Zone Admin Privilege Escalation

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.cloudfoundry.identity:cloudfoundry-identity-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.6.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.cloudfoundry.identity:cloudfoundry-identity-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.7.0"
            },
            {
              "fixed": "3.9.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.cloudfoundry.identity:cloudfoundry-identity-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.10.0"
            },
            {
              "fixed": "3.20.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.cloudfoundry.identity:cloudfoundry-identity-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "4.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-8032"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-01T20:07:28Z",
    "nvd_published_at": "2017-07-10T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.17, 24.x versions prior to v24.12. 30.x versions prior to 30.5, and other versions prior to v41, zone administrators are allowed to escalate their privileges when mapping permissions for an external provider.",
  "id": "GHSA-9frw-wmvq-5rrc",
  "modified": "2024-03-01T20:07:29Z",
  "published": "2022-05-13T01:07:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8032"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudfoundry/uaa/commit/2c10c43f04cf31e9f8f496cd218bfc773dfc149"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudfoundry/uaa/commit/4e4d653edb6b8f68e12b7c415e07e068b1574b8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudfoundry/uaa/commit/aa308c463eaec96704198c2686306c9fc42f126e"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudfoundry/uaa/commit/ea8c0ce7740a5d756d9f11964f6a6b4df54cc3b2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cloudfoundry/uaa"
    },
    {
      "type": "WEB",
      "url": "https://www.cloudfoundry.org/cve-2017-8032"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cloud Foundry UAA Identity Zone Admin Privilege Escalation"
}

gsd-2017-8032

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-8032

Aliases

CVE-2017-8032

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-8032",
    "description": "In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.17, 24.x versions prior to v24.12. 30.x versions prior to 30.5, and other versions prior to v41, zone administrators are allowed to escalate their privileges when mapping permissions for an external provider.",
    "id": "GSD-2017-8032"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-8032"
      ],
      "details": "In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.17, 24.x versions prior to v24.12. 30.x versions prior to 30.5, and other versions prior to v41, zone administrators are allowed to escalate their privileges when mapping permissions for an external provider.",
      "id": "GSD-2017-8032",
      "modified": "2023-12-13T01:21:09.037236Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security_alert@emc.com",
        "ID": "CVE-2017-8032",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cloud Foundry",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cloud Foundry"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.17, 24.x versions prior to v24.12. 30.x versions prior to 30.5, and other versions prior to v41, zone administrators are allowed to escalate their privileges when mapping permissions for an external provider."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Admin Privilege Escalation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.cloudfoundry.org/cve-2017-8032/",
            "refsource": "CONFIRM",
            "url": "https://www.cloudfoundry.org/cve-2017-8032/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.2.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "40",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_cf:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "263",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2017-8032"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.17, 24.x versions prior to v24.12. 30.x versions prior to 30.5, and other versions prior to v41, zone administrators are allowed to escalate their privileges when mapping permissions for an external provider."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-269"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cloudfoundry.org/cve-2017-8032/",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://www.cloudfoundry.org/cve-2017-8032/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 0.7,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-08-06T13:07Z",
      "publishedDate": "2017-07-10T20:29Z"
    }
  }
}

CVE-2017-8032

Vulnerability from fkie_nvd

Published

2017-07-10 20:29

Modified

2024-11-21 03:33

Severity ?

6.6 (Medium) - CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

▼	URL	Tags
	security_alert@emc.com	https://www.cloudfoundry.org/cve-2017-8032/	Mitigation, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.cloudfoundry.org/cve-2017-8032/	Mitigation, Vendor Advisory

Impacted products

Vendor	Product	Version
pivotal_software	cloud_foundry_uaa	2.2.5.4
pivotal_software	cloud_foundry_uaa	2.7.1
pivotal_software	cloud_foundry_uaa	2.7.2
pivotal_software	cloud_foundry_uaa	2.7.3
pivotal_software	cloud_foundry_uaa	2.7.4
pivotal_software	cloud_foundry_uaa	2.7.4.1
pivotal_software	cloud_foundry_uaa	2.7.4.2
pivotal_software	cloud_foundry_uaa	2.7.4.3
pivotal_software	cloud_foundry_uaa	2.7.4.4
pivotal_software	cloud_foundry_uaa	2.7.4.5
pivotal_software	cloud_foundry_uaa	2.7.4.6
pivotal_software	cloud_foundry_uaa	2.7.4.7
pivotal_software	cloud_foundry_uaa	2.7.4.8
pivotal_software	cloud_foundry_uaa	2.7.4.9
pivotal_software	cloud_foundry_uaa	2.7.4.11
pivotal_software	cloud_foundry_uaa	2.7.4.12
pivotal_software	cloud_foundry_uaa	2.7.4.13
pivotal_software	cloud_foundry_uaa	2.7.4.14
pivotal_software	cloud_foundry_uaa	2.7.4.15
pivotal_software	cloud_foundry_uaa	2.7.4.16
pivotal_software	cloud_foundry_uaa	3.6.1
pivotal_software	cloud_foundry_uaa	3.6.2
pivotal_software	cloud_foundry_uaa	3.6.3
pivotal_software	cloud_foundry_uaa	3.6.4
pivotal_software	cloud_foundry_uaa	3.6.5
pivotal_software	cloud_foundry_uaa	3.6.6
pivotal_software	cloud_foundry_uaa	3.6.7
pivotal_software	cloud_foundry_uaa	3.6.8
pivotal_software	cloud_foundry_uaa	3.6.9
pivotal_software	cloud_foundry_uaa	3.6.10
pivotal_software	cloud_foundry_uaa	3.6.11
pivotal_software	cloud_foundry_uaa	3.6.12
pivotal_software	cloud_foundry_uaa	3.9.1
pivotal_software	cloud_foundry_uaa	3.9.2
pivotal_software	cloud_foundry_uaa	3.9.3
pivotal_software	cloud_foundry_uaa	3.9.4
pivotal_software	cloud_foundry_uaa	3.9.5
pivotal_software	cloud_foundry_uaa	3.9.6
pivotal_software	cloud_foundry_uaa	3.9.7
pivotal_software	cloud_foundry_uaa	3.9.8
pivotal_software	cloud_foundry_uaa	3.9.9
pivotal_software	cloud_foundry_uaa	3.9.10
pivotal_software	cloud_foundry_uaa	3.9.11
pivotal_software	cloud_foundry_uaa	3.9.12
pivotal_software	cloud_foundry_uaa	3.9.13
pivotal_software	cloud_foundry_uaa	3.9.14
cloudfoundry	cloud_foundry_uaa_bosh	*
cloudfoundry	cloud_foundry_uaa_bosh	13.1
cloudfoundry	cloud_foundry_uaa_bosh	13.2
cloudfoundry	cloud_foundry_uaa_bosh	13.3
cloudfoundry	cloud_foundry_uaa_bosh	13.4
cloudfoundry	cloud_foundry_uaa_bosh	13.5
cloudfoundry	cloud_foundry_uaa_bosh	13.6
cloudfoundry	cloud_foundry_uaa_bosh	13.7
cloudfoundry	cloud_foundry_uaa_bosh	13.8
cloudfoundry	cloud_foundry_uaa_bosh	13.9
cloudfoundry	cloud_foundry_uaa_bosh	13.10
cloudfoundry	cloud_foundry_uaa_bosh	13.11
cloudfoundry	cloud_foundry_uaa_bosh	13.12
cloudfoundry	cloud_foundry_uaa_bosh	13.13
cloudfoundry	cloud_foundry_uaa_bosh	13.14
cloudfoundry	cloud_foundry_uaa_bosh	13.15
cloudfoundry	cloud_foundry_uaa_bosh	13.16
cloudfoundry	cloud_foundry_uaa_bosh	24
cloudfoundry	cloud_foundry_uaa_bosh	24.1
cloudfoundry	cloud_foundry_uaa_bosh	24.2
cloudfoundry	cloud_foundry_uaa_bosh	24.3
cloudfoundry	cloud_foundry_uaa_bosh	24.4
cloudfoundry	cloud_foundry_uaa_bosh	24.5
cloudfoundry	cloud_foundry_uaa_bosh	24.6
cloudfoundry	cloud_foundry_uaa_bosh	24.7
cloudfoundry	cloud_foundry_uaa_bosh	24.8
cloudfoundry	cloud_foundry_uaa_bosh	24.9
cloudfoundry	cloud_foundry_uaa_bosh	24.10
cloudfoundry	cloud_foundry_uaa_bosh	24.11
cloudfoundry	cloud_foundry_uaa_bosh	30
cloudfoundry	cloud_foundry_uaa_bosh	30.1
cloudfoundry	cloud_foundry_uaa_bosh	30.2
cloudfoundry	cloud_foundry_uaa_bosh	30.3
cloudfoundry	cloud_foundry_uaa_bosh	30.4
pivotal_software	cloud_foundry_cf	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "942E59F5-172F-4802-81AE-D43E72189889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACFDEF8D-9BE5-43ED-8E1D-2B63A1294EDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "504AA7E0-D1F5-4097-B53B-F0E36328B1EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DCD6CB7-5D49-4897-8353-44E5B08D9375",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1B4C4EB-3337-4053-BA4B-93A849263A42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9339A684-B1F0-4110-9E48-A04BED74DC2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F35CCB74-63A3-4F95-9EAE-ADC5A8BACB99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2A1BAE9-FCB6-458E-A1A6-03F0AB742E5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2261C887-8179-4BBA-A2CF-174F8F3017FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EED2616-E58D-4604-BBBC-AC24BCA068A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "916733EA-F51A-49E2-9D47-9B713B36C847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA1887F9-EB71-41AE-9E45-DD86A54AA958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7D01A32-98DA-4F7F-B7A0-D1695478C208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C57AACB-1ECA-4047-A8AA-D768DA54BB86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D164FF1-D85D-4800-A726-465A32974BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CAC5B15-895E-43CA-AFE1-EE7E06EF08D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "10286C78-A413-4FD3-B7F7-39C17A50D75C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D022F9B-4877-4A97-AE22-BAF579B38DE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "87D2BF0D-963C-430F-A4FE-F452F15035BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D8C3C5E-E942-483A-A914-CC57DDCB6EAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D741750F-DC85-4701-90F7-4AE00DB04B0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E126E318-6572-4BC3-8FA4-835AC49432C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A5B622B-C14C-4160-ACFD-CD2AB3786828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBE0A85A-5B1A-49E0-8FC7-4A68505B6506",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8E3CEAB-E58E-4870-A719-F46D6DE2E710",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DEDD149-4BBB-47A1-8E23-2247DCF9C13C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "225B90A0-757D-4406-9EC1-A31968CC7F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8157B8-A26B-4148-A02A-DBEC662FE701",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F74AEAE-D823-4B1A-9979-0739F6BA17CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "21FC35CD-79D1-4279-B719-6398C6636113",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5053FDB3-E711-434A-A6A6-4C580A2FF43A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E909E6B8-AD6F-4B96-968D-A6C952462C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6955DB34-FA12-41A6-A90F-456777ADEB81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B92D875-509C-42BE-90E4-112C94170199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "166C908D-7D5F-43DD-B3EA-BAFF23DBBDAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B83917A-D326-4874-AD82-0DBD131DC0EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5C19F44-AB0F-44BB-A298-F81B853FA71D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B981590F-0649-4BBA-AB5F-CC5C7858DFF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A36B9F9-6D45-4D84-869A-25131BF482BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "FADC5C69-1910-4D19-97B2-B44A594B8B34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5314895-961D-4D2B-A0C9-1B23C03317CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA5A5B1C-7111-464E-9F49-D13621233AC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A6E52B8-7635-4376-AFAD-935DB44B923C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97CB502-CE1E-4B63-88D0-7A826C825B84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F3AAD33-275B-4FF1-9434-BEE85543F7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "18EEF16B-A74C-401A-913B-E3E9DA99EC68",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "420CF106-9916-4219-A4E1-AA907EE68955",
              "versionEndIncluding": "40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24E2CE5-6DBA-4B45-951D-0F7189C9A94D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0EB01AB-A033-4DCC-B433-0674078E31DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "749B1CBF-6297-4F4D-970D-25D1D0A88AE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C369E22-27DF-40B3-B94F-45DFC47E6A60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "15A2FE05-FC02-4FC1-B9B3-40E4EC62C5D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A4975D0-2C4D-4883-A849-D434FB8A7E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E85B347-27E2-4EF9-9CF0-13902EC4741D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "93081AC1-C07E-4E6D-8B1E-8D561461FEB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4F6208B-7FA5-4177-8942-2037BEE99546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD8DA4C6-BCA9-4959-82FC-2596C6EBD6E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8120A442-6A3D-4918-A829-A84B2B9694E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D7AF658-FFBB-49AB-8A44-9989A7FEC707",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC42F184-AFEC-4992-BFEF-B410CDF1452A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "147C8C7B-F6C6-4338-A181-BF450C53C14B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "555B74DE-E5D6-493B-96B4-87C636104B64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "44E995D9-D404-4A19-BDD8-C911A1A2AD90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24:*:*:*:*:*:*:*",
              "matchCriteriaId": "A090F790-1A28-4238-8727-3F9475706A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEFE0727-C152-4726-A70E-C75BACD31071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "38D708B8-485D-445E-8A21-474A500F1184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4B8A221-8740-4D35-871D-EABDB2F8332D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A426C1DD-0C64-468A-B96E-B0B94FFF0A89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEFEEACE-5BED-4507-A770-69D36F478791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "860B073C-AC50-473C-9650-7421F3638FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B44C3F2-5AC4-4D05-BAF0-EFDFB3FDC3BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2BBC265-7026-469B-BB30-D7DB7A334A65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "08E99F4C-6BB5-415E-A5F3-285A3219EEF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E24F1B-C999-4C02-BFDD-00F1E2A53E45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "21D145BD-EEAC-4434-9435-A3676A15DD90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "75D365CB-5BDA-4387-AA3E-2F02B552162F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E80E3184-345D-4C78-ABAA-94B3D9A53252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F654A04-B949-415D-982A-7341486B2B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEF9F58F-1387-4D84-932F-8CC8F380E797",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "31EB573D-313D-4DB4-8820-E99AE4FCA210",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_cf:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AB2BFCD-60E5-481A-9FCB-E2937CD9ECBE",
              "versionEndIncluding": "263",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.17, 24.x versions prior to v24.12. 30.x versions prior to 30.5, and other versions prior to v41, zone administrators are allowed to escalate their privileges when mapping permissions for an external provider."
    },
    {
      "lang": "es",
      "value": "En cf-release de Cloud Foundry versiones anteriores a 264; UAA libera todas las versiones de UAA v2.x.x, versi\u00f3n 3.6.x anteriores a 3.6.13, versi\u00f3n 3.9.x anteriores a 3.9.15, versiones 3.20.x anteriores a v3.20.0, y otras versiones anteriores a v4.4.0; y versiones de UAA bosh release (uaa-release) versi\u00f3n 13.x anteriores a v13.17, versi\u00f3n 24.x anteriores a 24.12. 30.x versiones anteriores a 30.5, y otras versiones anteriores a 41, los administradores de zona pueden escalar sus privilegios al asignar permisos para un proveedor externo."
    }
  ],
  "id": "CVE-2017-8032",
  "lastModified": "2024-11-21T03:33:11.267",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-10T20:29:00.860",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.cloudfoundry.org/cve-2017-8032/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.cloudfoundry.org/cve-2017-8032/"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-8032

Vulnerability from cvelistv5

ghsa-9frw-wmvq-5rrc

Vulnerability from github

gsd-2017-8032

Vulnerability from gsd

CVE-2017-8032

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature