CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-5399

HIGH
7.4
CVSS Severity Score
EPSS Score0.0110%
EPSS Percentile10.98th
Published2020年2月12日
Last Modified2024年11月21日

Vulnerability Description

Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components.

Affected Platforms (CPE)

📦
Cloudfoundry

Credhub

< 2.5.10
📦
Pivotal Software

Cloud Foundry Cf Deployment

< 12.29.0

References & Advisories

🔗 https://www.cloudfoundry.org/blog/cve-2020-5399
🔗 https://www.cloudfoundry.org/blog/cve-2020-5399

相关漏洞威胁

CVE-2017-80388.8

In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists (ACLs) enforce whether an authenticated user can p...

CVE-2018-157958.1

Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service bro...

CVE-2019-37827.8

Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment varia...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...