CVE-2017-14389

UNKNOWN

Published 2017-11-28T07:00:00

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2017-14389. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that belongs to a different user in a different org and space, aka an "Application Subdomain Takeover."

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-2mjv-62fw-hvv4

Advisory Details

CVSS Scoring

CVSS Score

5.0

CVSS Vector


                                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-14389

WEB https://www.cloudfoundry.org/cve-2017-14389

Advisory provided by GitHub Security Advisory Database. Published: May 13, 2022, Modified: April 20, 2025

References

https://www.cloudfoundry.org/cve-2017-14389/

HackerOne Reports

Subdomain Takeover Via via Dangling NS records on Amazon Route 53 http://api.e2e-kops-aws-canary.test-cncf-aws.canary.k8s.io Medium

todayisnew

Kubernetes

$250.00

Improper Authentication - Generic

View Report

Published: 2017-11-28T07:00:00

Last Modified: 2024-08-05T19:27:40.603Z

Copied to clipboard!

CVE-2017-14389

Expert Analysis

Description

Available Exploits

Related News

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

HackerOne Reports

Request Analysis

What to expect

Request Received!