CyberSec.Space Logo
Back to CVE Browser

CVE-2020-5399

HIGH
7.4
CVSS Severity Score
EPSS Score0.0110%
EPSS Percentile10.98th
PublishedFeb 12, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components.

Affected Platforms (CPE)

📦
Cloudfoundry

Credhub

< 2.5.10
📦
Pivotal Software

Cloud Foundry Cf Deployment

< 12.29.0

References & Advisories

🔗 https://www.cloudfoundry.org/blog/cve-2020-5399
🔗 https://www.cloudfoundry.org/blog/cve-2020-5399

Related Vulnerabilities

CVE-2017-80388.8

In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists (ACLs) enforce whether an authenticated user can p...

CVE-2018-157958.1

Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service bro...

CVE-2019-37827.8

Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment varia...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...