← Back

Pivotal Scheduler

pivotal_scheduler

Vendor: Vmware • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-5426
1Vmware
1Pivotal Scheduler
Nov 21, 2024
Nov 11, 2020
N/A· v4
9.8 CRITICAL· v3
4.3 MEDIUM· v2
Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cac...Show more
Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller.Show less