VYPR

CredHub CLI

by Cloudfoundry

CVEs (2)

  • CVE-2020-5399Feb 12, 2020
    risk 0.00cvss epss 0.01

    Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized…

  • CVE-2019-3782Feb 13, 2019
    risk 0.00cvss epss 0.00

    Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to…