CVE-2019-3789

Published: Apr 24, 2019

Modified: Sep 17, 2024

PUBLISHED

CVSS v3.0

8.8

HIGH

Description

Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that route to an app. When the gorouter receives traffic destined for the external route service, this traffic will instead be directed to the internal app using the shadow route.

Vendor	Product	Versions
Cloud Foundry	CF Routing	affected `All - < 0.188.0`

Weaknesses (CWE)

CWE-840

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://www.cloudfoundry.org/blog/cve-2019-3789

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-3789

Description

Affected Products

Weaknesses (CWE)

CVSS v3.0 Details

References