Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components.
Advisories
Source ID Title
EUVD EUVD EUVD-2020-26578 Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: pivotal

Published:

Updated: 2024-09-16T19:51:26.662Z

Reserved: 2020-01-03T00:00:00

Link: CVE-2020-5399

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-02-12T21:15:14.007

Modified: 2024-11-21T05:34:04.403

Link: CVE-2020-5399

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.