PT-2019-16729 · Cloud Foundry · Cf-Deployment

Published: 2019-04-25 · Updated: 2021-10-29

CVE-2019-3801

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cloud Foundry cf-deployment versions prior to 7.9.0

Description

Java components in Cloud Foundry cf-deployment use an insecure protocol to fetch dependencies during the build process. This could allow a remote unauthenticated attacker to hijack the DNS entry for a dependency and inject malicious code into the component.

Recommendations

For versions prior to 7.9.0, update to version 7.9.0 or later to resolve the issue.

Fix

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

CVE-2019-3801

Affected Products

Cf-Deployment