CVE-2016-8219 - OpenCVE

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with the SpaceAuditor role is over-privileged with the ability to restage applications. This could cause application downtime if the restage fails.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cloudfoundry	Capi-release Cf-release

Configuration 1 [-]

OR	cpe:2.3:a:cloudfoundry:capi-release::::::::
	cpe:2.3:a:cloudfoundry:cf-release::::::::

No data.

References

Link	Providers
https://www.cloudfoundry.org/cve-2016-8219/

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2017-06-13T06:00:00

Updated: 2024-08-06T02:13:21.853Z

Reserved: 2016-09-13T00:00:00

Link: CVE-2016-8219

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-06-13T06:29:00.270

Modified: 2022-02-09T19:23:56.150

Link: CVE-2016-8219

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cloud Foundry", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cloud Foundry"}]}], "datePublic": "2017-06-12T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with the SpaceAuditor role is over-privileged with the ability to restage applications. This could cause application downtime if the restage fails."}], "problemTypes": [{"descriptions": [{"description": "over-privilege", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-13T05:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.cloudfoundry.org/cve-2016-8219/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2016-8219", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cloud Foundry", "version": {"version_data": [{"version_value": "Cloud Foundry"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with the SpaceAuditor role is over-privileged with the ability to restage applications. This could cause application downtime if the restage fails."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "over-privilege"}]}]}, "references": {"reference_data": [{"name": "https://www.cloudfoundry.org/cve-2016-8219/", "refsource": "CONFIRM", "url": "https://www.cloudfoundry.org/cve-2016-8219/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:13:21.853Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.cloudfoundry.org/cve-2016-8219/"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2016-8219", "datePublished": "2017-06-13T06:00:00", "dateReserved": "2016-09-13T00:00:00", "dateUpdated": "2024-08-06T02:13:21.853Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudfoundry:capi-release:*:*:*:*:*:*:*:*", "matchCriteriaId": "C599AC5E-A829-456A-A940-5AE7343D0EE6", "versionEndExcluding": "1.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DC01F1A-0B5C-4204-BBFB-2C91D6ABD93A", "versionEndExcluding": "250", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with the SpaceAuditor role is over-privileged with the ability to restage applications. This could cause application downtime if the restage fails."}, {"lang": "es", "value": "Se ha descubierto un problema en Cloud Foundry Foundation cf-release en versiones anteriores a 250 y las versiones CAPI-release anteriores a la 1.12.0. Un usuario con el rol SpaceAuditor tiene demasiados privilegios y la capacidad de realizar una copia intermedia de las aplicaciones. Esto podr\u00eda provocar tiempo de inactividad en la aplicaci\u00f3n si la copia intermedia fracasa."}], "id": "CVE-2016-8219", "lastModified": "2022-02-09T19:23:56.150", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-13T06:29:00.270", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.cloudfoundry.org/cve-2016-8219/"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}