Cloudfoundry Credhub
By the Year
In 2023 there have been 0 vulnerabilities in Cloudfoundry Credhub . Credhub did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 7.40 |
| 2019 | 1 | 9.80 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Credhub vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Cloudfoundry Credhub Security Vulnerabilities
Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS
CVE-2020-5399
7.4 - High
- February 12, 2020
Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components.
Cleartext Transmission of Sensitive Information
Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components
CVE-2019-3801
9.8 - Critical
- April 25, 2019
Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component.
Cleartext Transmission of Sensitive Information
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Cloudfoundry Uaa Release or by Cloudfoundry? Click the Watch button to subscribe.
