CVE-2020-5399: CredHub does not properly enable TLS for MySQL database connections
First published: Wed Feb 12 2020(Updated: )
Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components.
Credit: security@pivotal.io
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cloudfoundry Credhub | <2.5.10 | |
| Pivotal Software Cloud Foundry Cf-deployment | <12.29.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-5399.
What is the severity level of CVE-2020-5399?
CVE-2020-5399 has a severity level of high.
What software versions are affected by CVE-2020-5399?
Cloud Foundry CredHub versions prior to 2.5.10 and Pivotal Software Cloud Foundry Cf-deployment versions prior to 12.29.0 are affected by CVE-2020-5399.
How does CVE-2020-5399 impact the security of CredHub?
CVE-2020-5399 allows a malicious user with network access between CredHub and its MySQL database to eavesdrop on database connections and gain unauthorized access to CredHub and other resources.
Where can I find more information about CVE-2020-5399?
More information about CVE-2020-5399 can be found at https://www.cloudfoundry.org/blog/cve-2020-5399
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/references
- agent/title
- agent/weakness
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/cloudfoundry
- canonical/cloudfoundry credhub
- vendor/pivotal software
- canonical/pivotal software cloud foundry cf-deployment