CVE-2020-5400 Vulnerability Details

  /     /     /  

CVE-2020-5400 Metadata Quick Info

CVE Published: 27/02/2020 | CVE Updated: 17/09/2024 | CVE Year: 2020
Source: pivotal | Vendor: Cloud Foundry | Product: CAPI
Status : PUBLISHED

---

CVE-2020-5400 Description

Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to resources protected by such credentials.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-522
CWE Name: CWE-522: Insufficiently Protected Credentials
Source: Cloud Foundry

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).