Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CredHub does not properly enable TLS for MySQL database connections
Vulnerability Description
Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components.
CVSS Information
N/A
Vulnerability Type
敏感数据的明文传输
Vulnerability Title
Cloud Foundry CredHub 安全漏洞
Vulnerability Description
Cloud Foundry CredHub是美国Cloud Foundry基金会的一款为Cloud Foundry设计的集中凭证管理组件。 Cloud Foundry CredHub 2.5.10之前版本中存在安全漏洞,该漏洞源于在配置TLS协议时,CredHub未借助TLS协议直接连接MySQL数据库。攻击者可利用该漏洞监听CredHub和MySQL之间的通信,进而访问CredHub和其他组件。
CVSS Information
N/A
Vulnerability Type
N/A