PT-2019-16719 · Cloud Foundry · Cloud Foundry Routing Release

Published: 2019-04-24 · Updated: 2020-10-16 · CVE-2019-3789

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Cloud Foundry Routing Release versions prior to 0.188.0

Description: The issue allows traffic hijacking of route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service and map that route to an app. When the gorouter receives traffic destined for the external route service, this traffic will instead be directed to the internal app using the shadow route.

Recommendations: For versions prior to 0.188.0, update to version 0.188.0 or later to resolve the issue. As a temporary workaround, consider restricting the ability to create private domains that shadow external domains of route services to prevent traffic hijacking.
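The workaround above amounts to a policy check: before a private domain is created (or when auditing the domains that already exist), compare it against the hostnames of every external route service and reject any domain on which a route could resolve to one of those hostnames. The following is an added example of such a check, written for this page and not code from Cloud Foundry or the advisory itself. It assumes route services are identified by their external URLs and that private-domain requests arrive as bare domain names; the route service URLs and domains in it are constructed sample data.

```python
"""Shadow-domain check for Cloud Foundry route services (added example).

Assumptions (not from the advisory): external route services are known by
their URLs, and private-domain creation requests arrive as bare domain
names. A Cloud Foundry route is <host>.<domain> (or just <domain> when the
host is empty), so a private domain can shadow a route service whenever it
equals the route service hostname or is a suffix of it at a label boundary.
"""
from urllib.parse import urlsplit

# Constructed sample data: route services hosted outside the platform.
ROUTE_SERVICE_URLS = [
    "https://auth-proxy.example.com/",
    "https://waf.partner-example.net:8443/filter",
]


def route_service_hosts(urls):
    """Return the normalized (lowercase, no trailing dot) hostnames of the URLs."""
    hosts = set()
    for url in urls:
        host = urlsplit(url).hostname
        if host:
            hosts.add(host.lower().rstrip("."))
    return hosts


def shadows(private_domain, rs_host):
    """True if some route built on private_domain could equal rs_host."""
    d = private_domain.lower().rstrip(".")
    # Exact match (empty route host) or suffix match on a label boundary, so
    # "ple.com" does not count as shadowing "auth-proxy.example.com".
    return rs_host == d or rs_host.endswith("." + d)


def check_private_domain(private_domain, urls=ROUTE_SERVICE_URLS):
    """Return the sorted route-service hostnames the requested domain would shadow."""
    return sorted(h for h in route_service_hosts(urls) if shadows(private_domain, h))


def is_allowed(private_domain, urls=ROUTE_SERVICE_URLS):
    """Policy decision for a private-domain creation request."""
    return not check_private_domain(private_domain, urls)


def audit_private_domains(domains, urls=ROUTE_SERVICE_URLS):
    """Detection side: list (domain, shadowed hostnames) for existing domains."""
    findings = []
    for domain in domains:
        hit = check_private_domain(domain, urls)
        if hit:
            findings.append((domain, hit))
    return findings


if __name__ == "__main__":
    # Constructed sample of domains already present in an org.
    existing = ["apps.example.com", "example.com", "partner-example.net"]
    for domain, hosts in audit_private_domains(existing):
        print(f"{domain} shadows route service host(s): {', '.join(hosts)}")
    for req in ("auth-proxy.example.com", "apps.example.com"):
        print(f"create {req!r}: {'allow' if is_allowed(req) else 'deny'}")
```

The suffix test is deliberately strict about label boundaries: a parent domain such as example.com shadows auth-proxy.example.com because a developer can choose the route host, whereas an unrelated sibling such as apps.example.com cannot produce that hostname and is allowed.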

Fix

Weakness: Improper Privilege Management


Weakness Enumeration

Related Identifiers: CVE-2019-3789

Affected Products: Cloud Foundry Routing Release