CVE-2019-3789: Gorouter allows space developer to hijack route services hosted outside the platform


Severity

High

Vendor

Pivotal

Affected VMware Products and Versions

Severity is high unless otherwise noted.

  • Pivotal Application Service (PAS)
    • 2.2.x versions prior to 2.2.14
    • 2.3.x versions prior to 2.3.9
    • 2.4.x versions prior to 2.4.5
    • 2.5.x versions prior to 2.5.1
  • PCF Isolation Segment
    • 2.2.x versions prior to 2.2.14
    • 2.3.x versions prior to 2.3.9
    • 2.4.x versions prior to 2.4.5
    • 2.5.x versions prior to 2.5.1

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry team recommends upgrading BOSH stemcells and/or other OSS components listed here if applicable.
  • Releases that have fixed this issue include:

    • Pivotal Application Service (PAS) 2.2.x versions prior to 2.2.14
    • Pivotal Application Service (PAS) 2.3.x versions prior to 2.3.9
    • Pivotal Application Service (PAS) 2.4.x versions prior to 2.4.5
    • Pivotal Application Service (PAS) 2.5.x versions prior to 2.5.1

    • PCF Isolation Segment 2.2.x versions prior to 2.2.14
    • PCF Isolation Segment 2.3.x versions prior to 2.3.9
    • PCF Isolation Segment 2.4.x versions prior to 2.4.5
    • PCF Isolation Segment 2.5.x versions prior to 2.5.1
