CVE-2020-5399

Source
https://cve.org/CVERecord?id=CVE-2020-5399
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-5399.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-5399
Published
2020-02-12T21:15:14.007Z
Modified
2026-04-10T04:27:39.155382Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
[none]
Details

Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components.

References

Affected packages

Git / github.com/pivotal/credhub-release

Affected ranges

Type
GIT
Repo
https://github.com/pivotal/credhub-release
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.5.10"
        }
    ]
}

Affected versions

0.*
0.1.0
0.2.0
0.3.0
0.4.0
0.5.0
0.5.1
0.6.0
0.6.1
0.7.0
0.8.0
1.*
1.0.0
1.1.0
1.1.0-rc.1
1.1.1
1.1.2
1.2.0
1.3.0
1.3.6
1.3.7
1.4.0
1.5.0
1.6.0
1.6.1
1.6.10
1.6.4
1.6.5
1.6.6
1.6.7
1.6.8
1.6.9
1.7.0
1.7.1
1.7.4
1.7.5
1.7.6
1.7.7
1.7.8
1.7.9
1.8.0
1.8.1
1.8.2
1.8.3
1.9.10
1.9.11
1.9.12
1.9.2
1.9.3
1.9.4
1.9.5
1.9.6
1.9.7
1.9.8
1.9.9
2.*
2.0.0
2.0.0-rc.1
2.0.1
2.0.2
2.0.3
2.0.4
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.2.0
2.3.0
2.4.0
2.5.0
2.5.1
2.5.2
2.5.3
2.5.4
2.5.5
2.5.6
2.5.7
2.5.8
2.5.9
Other
v1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-5399.json"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "12.29.0"
            }
        ]
    }
]