N/A

An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that belongs to a different user in a different org and space, aka an "Application Subdomain Takeover."

N/A

N/A

Pivotal CF capi-release、cf-release和cf-deployment 安全漏洞

Pivotal Cloud Foundry（CF）是美国Pivotal Software公司的一套开源的平台即服务（PaaS）云计算平台，它提供容器调度、持续交付和自动化服务部署等功能。cf-release是CF的一个发布版本。cf-deployment是它的开发版本。capi-release是其中的一个云控制器组件。 Pivotal CF capi-release 1.45.0之前的版本、 cf-release v280之前的版本和cf-deployment v1.0.0之前的版本中存在安全漏洞。攻击者

N/A

N/A