CVE-2020-5400

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-5400

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-5400.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-5400

Published

2020-02-27T20:15:11.423Z

Modified

2026-04-10T04:27:39.072066Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to resources protected by such credentials.

References

https://www.cloudfoundry.org/blog/cve-2020-5400

Affected packages

Git / github.com/cloudfoundry/capi-release

Affected ranges

Type

GIT

Repo

https://github.com/cloudfoundry/capi-release

Events

Introduced

Fixed

29b9b38fc95f713355a4b7422f752d4799ddad5f

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.91.0"
        }
    ]
}

Type

GIT

Repo

https://github.com/cloudfoundry/cf-deployment

Events

Introduced

Fixed

3f7161312c3b170f72273006422e245f32b54131

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "12.33.0"
        }
    ]
}

Affected versions

1.*

1.0.0

1.1.0

1.10.0

1.11.0

1.12.0

1.13.0

1.14.0

1.15.0

1.16.0

1.19.0

1.2.0

1.20.0

1.21.0

1.22.0

1.23.0

1.24.0

1.25.0

1.26.0

1.27.0

1.28.0

1.3.0

1.30.0

1.31.0

1.32.0

1.33.0

1.34.0

1.35.0

1.36.0

1.38.0

1.4.0

1.40.0

1.41.0

1.42.0

1.46.0

1.47.0

1.49.0

1.5.0

1.50.0

1.51.0

1.52.0

1.53.0

1.55.0

1.57.0

1.58.0

1.59.0

1.6.0

1.62.0

1.63.0

1.64.0

1.65.0

1.66.0

1.67.0

1.69.0

1.7.0

1.70.0

1.72.0

1.74.0

1.75.0

1.76.0

1.77.0

1.79.0

1.8.0

1.80.0

1.82.0

1.83.0

1.84.0

1.85.0

1.86.0

1.87.0

1.89.0

1.9.0

1.90.0

Other

list

v0.*

v0.0.0

v0.0.1

v0.0.2

v0.1.0

v0.10.0

v0.11.0

v0.12.0

v0.13.0

v0.14.0

v0.15.0

v0.2.0

v0.2.1

v0.2.2

v0.28.0

v0.29.0

v0.3.0

v0.30.0

v0.31.0

v0.32.0

v0.33.0

v0.34.0

v0.35.0

v0.36.0

v0.37.0

v0.5.0

v0.7.0

v0.8.0

v0.9.0

v0.9.1

v1.*

v1.0.0

v1.1.0

v1.10.0

v1.11.0

v1.12.0

v1.13.0

v1.14.0

v1.15.0

v1.16.0

v1.17.0

v1.18.0

v1.19.0

v1.2.0

v1.20.0

v1.21.0

v1.22.0

v1.23.0

v1.24.0

v1.25.0

v1.26.0

v1.27.0

v1.28.0

v1.29.0

v1.3.0

v1.30.0

v1.31.0

v1.32.0

v1.33.0

v1.34.0

v1.35.0

v1.36.0

v1.37.0

v1.38.0

v1.4.0

v1.5.0

v1.6.0

v1.7.0

v1.8.0

v1.9.0

v10.*

v10.0.0

v10.1.0

v11.*

v11.0.0

v11.1.0

v11.2.0

v12.*

v12.0.0

v12.1.0

v12.10.0

v12.11.0

v12.12.0

v12.13.0

v12.14.0

v12.15.0

v12.16.0

v12.17.0

v12.18.0

v12.19.0

v12.2.0

v12.20.0

v12.21.0

v12.22.0

v12.23.0

v12.24.0

v12.25.0

v12.26.0

v12.27.0

v12.28.0

v12.29.0

v12.3.0

v12.30.0

v12.31.0

v12.32.0

v12.4.0

v12.5.0

v12.6.0

v12.7.0

v12.8.0

v12.9.0

v2.*

v2.0.0

v2.1.0

v2.2.0

v2.3.0

v2.4.0

v2.5.0

v3.*

v3.0.0

v3.1.0

v3.2.0

v3.3.0

v3.4.0

v3.5.0

v3.6.0

v4.*

v4.0.0

v4.1.0

v4.2.0

v4.3.0

v4.4.0

v4.5.0

v5.*

v5.0.0

v5.1.0

v5.3.0

v5.4.0

v5.5.0

v6.*

v6.0.0

v6.1.0

v6.10.0

v6.2.0

v6.3.0

v6.4.0

v6.5.0

v6.6.0

v6.7.0

v6.8.0

v6.9.0

v7.*

v7.0.0

v7.1.0

v7.2.0

v7.3.0

v7.4.0

v7.5.0

v7.6.0

v7.8.0

v7.9.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-5400.json"