CVE-2020-5400
MEDIUM
Cloudfoundry Capi-release - Insufficiently Protected Credentials
Title source: ruleDescription
Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to resources protected by such credentials.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/blog/cve-2020-5400
Scores
CVSS v3
6.5
EPSS
0.0033
EPSS Percentile
55.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-522
CWE-532
Status
published
Products (2)
cloudfoundry/capi-release
< 1.91.0
cloudfoundry/cf-deployment
< 12.33.0
Published
Feb 27, 2020
Tracked Since
Feb 18, 2026