First published: Mon Feb 24 2020
Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to resources protected by such credentials.
Credit: security@pivotal.io
Affected Software | Affected Version | How to fix |
---|---|---|
Cloudfoundry Capi-release | <1.91.0 | |
Cloudfoundry Cf-deployment | <12.33.0 | |
CVE-2020-5400 is a vulnerability in Cloud Foundry Cloud Controller (CAPI) versions prior to 1.91.0.
CVE-2020-5400 allows a malicious user with access to job logs to potentially gain unauthorized access to protected resources in Cloud Foundry.
Cloud Foundry Cloud Controller (CAPI) versions prior to 1.91.0 and cf-deployment versions prior to 12.33.0 are affected by CVE-2020-5400.
The severity of CVE-2020-5400 is high with a CVSS score of 6.5.
To fix CVE-2020-5400, it is recommended to upgrade to Cloud Foundry Cloud Controller (CAPI) version 1.91.0 or later.