Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: pivotal

Published: 2020-02-12T20:30:17.255850Z

Updated: 2024-09-16T19:51:26.662Z

Reserved: 2020-01-03T00:00:00

Link: CVE-2020-5399

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-02-12T21:15:14.007

Modified: 2024-11-21T05:34:04.403

Link: CVE-2020-5399

cve-icon Redhat

No data.