Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2020/04/24 10:33 p.m.22 views

CVE-2020-5405

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...

6.5CVSS5.4AI score0.6876EPSS
Exploits0References3
OSV
OSV
added 2020/03/05 7:15 p.m.24 views

CVE-2020-5405

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...

6.5CVSS6.8AI score0.6876EPSS
Exploits0References1
CVE
CVE
added 2020/03/05 7:0 p.m.169 views

CVE-2020-5405

Spring Cloud Config - Local File Inclusion (CVE-2020-5405): Affects Spring Cloud Config Server in 2.2.x before 2.2.2 and 2.1.x before 2.1.7 (older/unsupported). Exploitable via a crafted URL to serve arbitrary configuration files, enabling potential data exposure. Remediation: upgrade to patched ...

6.5CVSS6.7AI score0.6876EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/03/05 7:0 p.m.37 views

CVE-2020-5405 Directory Traversal with spring-cloud-config-server

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...

6.7AI score0.6876EPSS
Exploits0References1
Rows per page
Query Builder