CVE-2020-5399
CredHub does not properly enable TLS for MySQL database connections
Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components.
CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Productos afectados
Cloud Foundry · CredHub¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →