{"vulnerability": "CVE-2020-5426", "sightings": [{"uuid": "0ed65208-9258-4d71-a42d-8c4d3f75ec3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-5426", "type": "seen", "source": "https://t.me/cibsecurity/16179", "content": "\u203c CVE-2020-5426 \u203c\n\nScheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-11T20:30:28.000000Z"}]}