{"id":"CVE-2017-14389","details":"An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that belongs to a different user in a different org and space, aka an \"Application Subdomain Takeover.\"","modified":"2026-04-10T03:58:40.316979Z","published":"2017-11-28T07:29:00.303Z","references":[{"type":"REPORT","url":"https://www.cloudfoundry.org/cve-2017-14389/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry-attic/cf-release","events":[{"introduced":"0"},{"fixed":"2ee1f4f1e1f1a96101766b726f40038cf0b2ce11"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"280"}]}},{"type":"GIT","repo":"https://github.com/cloudfoundry/capi-release","events":[{"introduced":"0"},{"fixed":"d5146b2d88a781dae70104c7c3286adf94436bbd"},{"introduced":"0"},{"fixed":"c4351f15e9900b53eb50dd42ad8ad3f0ee943da5"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.45.0"},{"introduced":"0"},{"fixed":"1.0.0"}]}}],"versions":["-","1.0.0","1.1.0","1.10.0","1.11.0","1.12.0","1.13.0","1.14.0","1.15.0","1.16.0","1.19.0","1.2.0","1.20.0","1.21.0","1.22.0","1.23.0","1.24.0","1.25.0","1.26.0","1.27.0","1.28.0","1.3.0","1.30.0","1.31.0","1.32.0","1.33.0","1.34.0","1.35.0","1.36.0","1.38.0","1.4.0","1.40.0","1.41.0","1.42.0","1.5.0","1.6.0","1.7.0","1.8.0","1.9.0","list","log","rc145.0","scotty_09012012","v1.0.0","v100","v102","v103","v104","v105","v109","v119","v132","v133","v134","v135","v136","v137","v140","v143","v156","v157","v161","v170","v183","v205","v245","v249","v253","v260","v262","v275","v276","v278","v99","works-for-us"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14389.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}