CVE-2019-3789: Gorouter allows space developer to hijack route services hosted outside the platform
Severity
High
Vendor
Pivotal
Affected VMware Products and Versions
Severity is high unless otherwise noted.
- Pivotal Application Service (PAS)
  - 2.2.x versions prior to 2.2.14
  - 2.3.x versions prior to 2.3.9
  - 2.4.x versions prior to 2.4.5
  - 2.5.x versions prior to 2.5.1
- PCF Isolation Segment
  - 2.2.x versions prior to 2.2.14
  - 2.3.x versions prior to 2.3.9
  - 2.4.x versions prior to 2.4.5
  - 2.5.x versions prior to 2.5.1
Mitigation
Users of affected versions should apply the following mitigation:
- The Cloud Foundry team recommends upgrading BOSH stemcells and/or other OSS components listed here if applicable.
- Releases that have fixed this issue include:
  - Pivotal Application Service (PAS) 2.2.14
  - Pivotal Application Service (PAS) 2.3.9
  - Pivotal Application Service (PAS) 2.4.5
  - Pivotal Application Service (PAS) 2.5.1
  - PCF Isolation Segment 2.2.14
  - PCF Isolation Segment 2.3.9
  - PCF Isolation Segment 2.4.5
  - PCF Isolation Segment 2.5.1