CVE-2020-5400
MEDIUMCloud Foundry CAPI < 1.91.0 - Insufficiently Protected Credentials in Background Job Logs
Title source: llmDescription
Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to resources protected by such credentials.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/blog/cve-2020-5400
Scores
CVSS v3
6.5
EPSS
0.0075
EPSS Percentile
50.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-522
CWE-532
Status
published
Products (2)
cloudfoundry/capi-release
< 1.91.0
cloudfoundry/cf-deployment
< 12.33.0
Published
Feb 27, 2020
Tracked Since
Feb 18, 2026