PT-2019-16729 · Cloud Foundry · Cf-Deployment

Publicado

2019-04-25

Atualizado

2021-10-29

CVE-2019-3801

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cloud Foundry cf-deployment versions prior to 7.9.0

Description The issue concerns the use of an insecure protocol by java components in Cloud Foundry cf-deployment to fetch dependencies during the building process. This could allow a remote unauthenticated malicious attacker to hijack the DNS entry for the dependency and inject malicious code into the component.

Recommendations For versions prior to 7.9.0, update to version 7.9.0 or later to resolve the issue.

Correção

Cleartext Transmission of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-494CWE-319

Identificadores relacionados

CVE-2019-3801

Produtos afetados

Cf-Deployment

PT-2019-16729 · Cloud Foundry · Cf-Deployment

CVE-2019-3801

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4