Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2020/04/24 10:33 p.m.22 views

CVE-2020-5405

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...

6.5CVSS5.4AI score0.6876EPSS
Exploits0References3
osv
osv
added 2020/03/05 7:15 p.m.24 views

CVE-2020-5405

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...

6.5CVSS6.8AI score0.6876EPSS
Exploits0References1
cvelist
cvelist
added 2020/03/05 7:0 p.m.37 views

CVE-2020-5405 Directory Traversal with spring-cloud-config-server

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...

6.7AI score0.6876EPSS
Exploits0References1
cve
cve
added 2020/03/05 7:0 p.m.169 views

CVE-2020-5405

Spring Cloud Config - Local File Inclusion (CVE-2020-5405): Affects Spring Cloud Config Server in 2.2.x before 2.2.2 and 2.1.x before 2.1.7 (older/unsupported). Exploitable via a crafted URL to serve arbitrary configuration files, enabling potential data exposure. Remediation: upgrade to patched ...

6.5CVSS6.7AI score0.6876EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder