CVE-2020-5399
7.6
CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Summary
Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cloud Foundry | CredHub | Edge < 2.5.10 | affected |
Weaknesses
- CWE-319: CWE-319: Cleartext Transmission of Sensitive Information
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.