CVE-2020-5400 HIGH

CVE-2020-5400: Cloud Controller logs environment variables from app manifests

Vendor Cloud Foundry
Product CAPI
Weakness CWE-522 · Insufficiently protected credentials
Published February 27, 2020
Last update September 17, 2024

CVSS base score

8.0/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to resources protected by such credentials.

Key dates

02Disclosure timeline

February 27, 2020 CVE published
September 17, 2024 Record updated