← Back

Credhub

credhub

Vendor: Cloudfoundry • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-5399
2Cloudfoundry
Pivotal Software
2Cloud Foundry Cf Deployment
Credhub
Nov 21, 2024
Feb 12, 2020
N/A· v4
7.4 HIGH· v3
5.8 MEDIUM· v2
Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop...Show more
Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components.Show less
CVE-2019-3801
1Cloudfoundry
3Cf Deployment
CredhubUaa Release
Nov 21, 2024
Apr 25, 2019
N/A· v4
9.8 CRITICAL· v3
5.0 MEDIUM· v2
Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entr...Show more
Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component.Show less