CVE-2019-3789

CVSS v3 Score: 8.8 (High)
CVSS v2 Score: 4.0 (Medium)

Vulnerability Description

Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that allows traffic to route services hosted outside the platform to be hijacked. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that route to an app. When the gorouter receives traffic destined for the external route service, it directs that traffic to the internal app using the shadow route instead.

CVSS: 8.8 (High)

Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. This domain is ...

CVSS: 8.8 (High)

Host header injection in password reset in GitHub repository livehelperchat/livehelperchat prior to 3.97.

CVSS: 8.8 (High)

The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted fu...

CVSS: 8.7 (High)

H2O included a reference to an S3 bucket that no longer existed, allowing an attacker to take over the S3 bucket URL.

CVSS: 9.0 (Critical)

Business Logic Errors in GitHub repository erudika/para prior to 1.45.11.

CVSS: 8.3 (High)

Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12.