CVE-2019-3777
Pivotal Application Service (PAS) versions 2.2.x before 2.2.12, 2.3.x before 2.3.7, and 2.4.x before 2.4.3 contain an apps manager that uses a Cloud Controller proxy which fails to verify SSL certificates. A remote unauthenticated attacker could hijack the Cloud Controller’s DNS record to interce...