CVE-2019-3777 Information
Feb 14, 2021
cve
Description
Pivotal Application Service (PAS) versions 2.2.x prior to 2.2.12 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3 contain apps manager that uses a cloud controller proxy that fails to verify SSL certs. A remote unauthenticated attacker that could hijack the Cloud Controller’s DNS record could intercept access tokens sent to the Cloud Controller giving the attacker access to the user’s resources in the Cloud Controller
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
http://www.securityfocus.com/bid/107214 https://pivotal.io/security/cve-2019-3777
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: