CVE-2020-5399
HIGHCloud Foundry CredHub < 2.5.10 - Cleartext Transmission of Sensitive Information via MySQL Database Connection
Title source: llmDescription
Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/blog/cve-2020-5399
Scores
CVSS v3
7.4
EPSS
0.0053
EPSS Percentile
40.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-319
Status
published
Products (2)
cloudfoundry/credhub
< 2.5.10
pivotal_software/cloud_foundry_cf-deployment
< 12.29.0
Published
Feb 12, 2020
Tracked Since
Feb 18, 2026