Cloud Foundry Cf Deployment

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:pivotal_software:cloud_foundry_cf-deployment:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorPivotal Software (a7eef617-cad9-5400-bbf0-2e56b16d90a7)
ProductCloud Foundry Cf Deployment (db2bdaf5-5daa-5683-b110-87c562732bc2)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:github/cloudfoundry/cf-deployment purl2cpe 2026-06-01 10:11:00.543628

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2020-5399 vulnerable 2026-06-03 14:42:56.385586 CredHub does not properly enable TLS for MySQL database connections
HIGH (7.6)
Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components.
Published: 2020-02-12T20:30:17.255Z
Updated: 2024-09-16T19:51:26.662Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-1192 vulnerable 2026-06-03 14:38:30.505625 Details available
In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event logs. An attacker can use the SessionID to impersonate a logged-in user.
Published: 2018-02-01T20:00:00.000Z
Updated: 2024-08-05T03:51:49.039Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.