Severity
High
Vendor
Cloud Foundry Foundation
Affected Cloud Foundry Products and Versions
- CredHub
- 2.1 versions prior to 2.1.3
- 1.9 versions prior to 1.9.10
- UAA Release (OSS)
- All versions prior to v64.0
Description
Cloudfoundry java products are using an insecure protocol to fetch dependencies when building.
Mitigation
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
- CredHub
- Upgrade 2.1 versions to 2.1.3
- Upgrade 1.9 versions to 1.9.10
- UAA Release (OSS)
- Upgrade all versions to v64.0
History
2019-04-22: Initial vulnerability report published.
