CVE-2020-5400
CVE-2020-5400 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to resources protected by such credentials. EPSS estimates a 0.75% chance of exploitation in the next 30 days.
Description
Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to resources protected by such credentials.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cloudfoundry | Capi-Release | < 1.91.0 |
| Cloudfoundry | Cf-Deployment | < 12.33.0 |
References
- https://www.cloudfoundry.org/blog/cve-2020-5400 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
