Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-5399

Опубликовано: 12 фев. 2020
Источник: nvd
CVSS3: 7.6
CVSS3: 7.4
CVSS2: 5.8
EPSS Низкий

Описание

Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cloudfoundry:credhub:*:*:*:*:*:*:*:*
Версия до 2.5.10 (исключая)
cpe:2.3:a:pivotal_software:cloud_foundry_cf-deployment:*:*:*:*:*:*:*:*
Версия до 12.29.0 (исключая)

EPSS

Процентиль: 42%
0.002
Низкий

7.6 High

CVSS3

7.4 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-319
CWE-319

Связанные уязвимости

github логотип

GHSA-w39h-6cmp-6crw

github
больше 3 лет назад

Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components.

EPSS

Процентиль: 42%
0.002
Низкий

7.6 High

CVSS3

7.4 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-319
CWE-319