{"id":"CVE-2017-8033","details":"An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a specially crafted application that can write arbitrary files to the Cloud Controller VM.","modified":"2026-03-15T22:24:44.224972Z","published":"2017-07-25T04:29:00.227Z","references":[{"type":"ADVISORY","url":"https://www.cloudfoundry.org/cve-2017-8033/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry-attic/cf-release","events":[{"introduced":"0"},{"fixed":"befcb8a72297f8f132ee6cb4653d7d20cbd57041"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"268"}]}},{"type":"GIT","repo":"https://github.com/cloudfoundry/capi-release","events":[{"introduced":"0"},{"fixed":"ae579cbaab4cfea17e5b85e4db9a83b4c8d52b23"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.35.0"}]}}],"versions":["-","1.0.0","1.1.0","1.10.0","1.11.0","1.12.0","1.13.0","1.14.0","1.15.0","1.16.0","1.17.0","1.18.0","1.19.0","1.2.0","1.20.0","1.21.0","1.22.0","1.23.0","1.24.0","1.25.0","1.26.0","1.27.0","1.28.0","1.29.0","1.3.0","1.30.0","1.31.0","1.32.0","1.33.0","1.34.0","1.4.0","1.5.0","1.6.0","1.7.0","1.8.0","1.9.0","list","log","rc145.0","scotty_09012012","v","v1.0.0","v100","v101","v102","v103","v104","v105","v106","v107","v108","v109","v110","v111","v112","v113","v114","v115","v116","v117","v118","v119","v119-fixed","v120","v121","v122","v123","v124","v125","v126","v127","v128","v129","v130","v131","v132","v133","v134","v135","v136","v137","v138","v139","v140","v141","v142","v143","v144","v145","v146","v147","v148","v149","v150","v151","v152","v153","v154","v155","v156","v157","v158","v159","v160","v161","v162","v163","v164","v165","v166","v168","v169","v170","v171","v172","v173","v175","v176","v177","v178","v179","v180","v182","v183","v186","v187","v188","v189","v190","v191","v192","v193","v194","v195","v196","v197","v198","v199","v200","v201","v202","v203","v204","v205","v206","v207","v208","v209","v210","v211","v212","v213","v214","v215","v217","v218","v219","v220","v221","v222","v223","v224","v225","v226","v227","v228","v229","v230","v231","v232","v233","v234","v235","v236","v237","v238","v239","v240","v241","v242","v243","v244","v245","v246","v247","v248","v249","v250","v251","v252","v253","v254","v255","v256","v257","v258","v259","v260","v261","v262","v263","v264","v265","v266","v267","v68","v69","v70","v71","v72","v73","v74","v75","v76","v77","v78","v79","v80","v81","v82","v83","v84","v85","v86","v87","v88","v89","v90","v91","v92","v93","v94","v95","v95-fixed","v96","v97","v98","v99","works-for-us"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8033.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}