CVE-2017-8037: Incomplete fix for Cloud Controller API access to CC VM contents
Severity
Critical
References
Affected VMware Products and Versions
Severity is critical unless otherwise noted.
- PCF Elastic Runtime:
- All versions prior to 1.8.0
- 1.8.x versions prior to 1.8.56
- 1.9.x versions prior to 1.9.34
- 1.10.x versions prior to 1.10.21
- 1.11.x versions prior to 1.11.7
Mitigation
Users of affected versions should apply the following mitigation:
- The Cloud Foundry team recommends upgrading BOSH stemcells and/or other OSS components listed here if applicable.
- Releases that have fixed this issue include:
- PCF Elastic Runtime: 1.8.56, 1.9.34, 1.10.21, 1.11.7