CVE-2020-5400

Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to resources protected by such credentials.

Published: Feb 27, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-5400
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-532

Affected Software
References

Software	From	Fixed in
cloudfoundry / cf-deployment	-	12.33.0
cloudfoundry / capi-release	-	1.91.0

https://www.cloudfoundry.org/blog/cve-2020-5400

Vulnerability Database

289,697

CVE-2020-5400