Lucene search

PivotalCVELIST:CVE-2020-5399

HistoryFeb 12, 2020 - 12:00 a.m.

CVE-2020-5399 CredHub does not properly enable TLS for MySQL database connections

2020-02-1200:00:00

CWE-319

pivotal

www.cve.org

7.6 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

53.9%

JSON

Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components.

CNA Affected

[
  {
    "product": "CredHub",
    "vendor": "Cloud Foundry",
    "versions": [
      {
        "lessThan": "2.5.10",
        "status": "affected",
        "version": "Edge",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cloudfoundry.org/blog/cve-2020-5399

7.6 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

53.9%

JSON

Related for CVELIST:CVE-2020-5399