PT-2019-16715 · Cloud Foundry · Cloud Foundry Cloud Controller

Published

2019-03-13

Updated

2021-08-17

CVE-2019-3785

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cloud Foundry Cloud Controller versions prior to 1.78.0

Description

The issue concerns an endpoint with improper authorization. A remote, authenticated malicious user with only read permissions can request package information and receive a signed bit-service URL that grants that user write permissions to the bit-service.

Recommendations

For versions prior to 1.78.0, update to version 1.78.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected endpoint to minimize the risk of exploitation.
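The flaw described above, as an added Ruby sketch that is not Cloud Foundry's code: a hypothetical package endpoint that signs a bits-service URL with write permission for any caller who may merely read the package, next to a hardened variant that derives the URL's permission from the caller's own authorization, plus the receiving side's signature and expiry check. The shared secret, host, URL layout and helper names are all assumptions.

```ruby
require 'openssl'
require 'uri'

# Constructed secret shared by the controller and the bits-service (hypothetical).
BITS_SECRET = 'constructed-demo-secret-do-not-reuse'.freeze

# Sign a bits-service URL. The package GUID, the granted permission and the expiry
# are all covered by the HMAC, so the holder of the URL cannot widen any of them.
def sign_bits_url(package_guid, permission, expires_at)
  path  = "/packages/#{package_guid}"
  query = "permission=#{permission}&expires=#{expires_at}"
  sig   = OpenSSL::HMAC.hexdigest('SHA256', BITS_SECRET, "#{path}?#{query}")
  "https://bits.example.internal#{path}?#{query}&signature=#{sig}"   # hypothetical host
end

# Vulnerable pattern (hypothetical reconstruction of the behaviour the advisory describes):
# only read access is checked, yet a write-capable URL is handed out unconditionally.
def package_url_vulnerable(caller_perms, package_guid, now)
  raise 'forbidden' unless caller_perms.include?(:read)
  sign_bits_url(package_guid, 'write', now + 300)
end

# Hardened pattern: the permission baked into the signed URL is derived from the
# caller's own authorization, so a read-only caller never receives write access.
def package_url_hardened(caller_perms, package_guid, now)
  raise 'forbidden' unless caller_perms.include?(:read)
  permission = caller_perms.include?(:write) ? 'write' : 'read'
  sign_bits_url(package_guid, permission, now + 300)
end

# Constant-time comparison so the signature check does not leak timing information.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Bits-service side: recompute the HMAC over path and claims, reject tampering or
# expiry, and return the permission the URL actually grants (nil if invalid).
def verify_bits_url(url, now)
  uri    = URI.parse(url)
  params = URI.decode_www_form(uri.query.to_s).to_h
  permission, expires, sig = params.values_at('permission', 'expires', 'signature')
  return nil if permission.nil? || expires.nil? || sig.nil?
  canonical = "#{uri.path}?permission=#{permission}&expires=#{expires}"
  expected  = OpenSSL::HMAC.hexdigest('SHA256', BITS_SECRET, canonical)
  return nil unless constant_time_equal?(expected, sig)
  return nil if now > expires.to_i
  permission
end
```

Note that signing alone does not fix the issue: the signature in `package_url_vulnerable` is perfectly valid, the bug is the permission the endpoint chose to sign.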

Weakness Enumeration

Improper Authorization

Improper Privilege Management

Related Identifiers

CVE-2019-3785

Affected Products

Cloud Foundry Cloud Controller