2 matches found
CVE-2020-5399
CVE-2020-5399 affects Cloud Foundry CredHub prior to 2.5.10, where the MySQL connection is established without TLS despite configuration to use TLS. This enables an attacker with network access between CredHub and the MySQL database to eavesdrop on connections and potentially gain unauthorized ac...
CVE-2019-3801
CVE-2019-3801 affects Cloud Foundry cf-deployment versions prior to 7.9.0. The Java components fetch dependencies over an insecure HTTP channel, enabling a remote, unauthenticated attacker to hijack the dependency DNS entry and inject malicious code into the component during build. Practical impa...