CVE-2019-3793 – Invitations Service supports HTTP connections

https://notcve.org/view.php?id=CVE-2019-3793

Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user could listen to network traffic and gain access to the authorization credentials used to make the invitation requests. Pivotal Apps Manager Release, versiones 665.0.x anteriores a 665.0.28, versiones 666.0.x anteriores a 666.0.21, versiones 667.0.x anteriores a 667.0.7, presentan un servicio de invitación que acepta HTTP. Un usuario remoto no autenticado podría captar el tráfico de la red y lograr acceso a las credenciales de autorización usadas para realizar las solicitudes de invitación. • https://pivotal.io/security/cve-2019-3793 • CWE-300: Channel Accessible by Non-Endpoint CWE-319: Cleartext Transmission of Sensitive Information •