Lucene search
PivotalCVELIST:CVE-2020-5405HistoryMar 05, 2020 - 7:00 p.m.
CVE-2020-5405 Directory Traversal with spring-cloud-config-server
2020-03-0519:00:19
CWE-23
pivotal
www.cve.org
5
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.
CNA Affected
[
{
"product": "Spring Cloud Config",
"vendor": "Spring by VMware",
"versions": [
{
"lessThan": "2.2.2",
"status": "affected",
"version": "2.2",
"versionType": "custom"
},
{
"lessThan": "2.1.7",
"status": "affected",
"version": "2.1",
"versionType": "custom"
}
]
}
]References
Related
osv
osv
CVE-2020-5405
2020-03-05 19:15:11
Directory traversal attack in Spring Cloud Config
2020-06-05 16:11:36
cve
cve
CVE-2020-5405
2020-03-05 19:15:11
github
github
Directory traversal attack in Spring Cloud Config
2020-06-05 16:11:36
nvd
nvd
CVE-2020-5405
2020-03-05 19:15:11
redhatcve
redhatcve
CVE-2020-5405
2020-04-24 22:33:39
veracode
veracode
Directory Traversal
2020-03-06 03:25:21
nuclei
nuclei
Spring Cloud Config - Local File Inclusion
2020-07-06 16:22:18
prion
prion
Directory traversal
2020-03-05 19:15:00
ibm
ibm
openvas
openvas
Generic HTTP Directory Traversal (Web Dirs) - Active Check
2021-07-22 00:00:00