750 matches found
ai.hyacinth.framework:core-service-config-server (=0.5.24), cloud.altemista.fwk.framework:cloud-altemistafwk-documentation (=3.1.0.RELEASE) +12 more potentially affected by CVE-2020-5405 via org.springframework.cloud:spring-cloud-config-server (>=2.2.0.RELEASE <=2.2.1.RELEASE)
org.springframework.cloud:spring-cloud-config-server MAVEN version =2.2.0.RELEASE, =0.0.1-RELEASE, =6.2.0-RC1, =6.2.0-RC1, =2.2.0.RELEASE, =2.2.0.RELEASE, =2.2.1.RELEASE Source cves: CVE-2020-5405 Source advisory: OSV...
Directory traversal attack in Spring Cloud Config
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...
GHSA-G86W-V5VG-9GXF Directory traversal attack in Spring Cloud Config
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...
Directory Traversal
spring-cloud-config-server is vulnerable to directory traversal. The vulnerability exists as it does not verify that the resources are served from allowed locations. An attacker is able to retrieve and read arbitrary system files using file:// or ../ characters...
VMware Spring Cloud Config Path Traversal Vulnerability
VMware Spring Cloud Config is a configuration management solution for distributed systems from VMware. The product is mainly for the external configuration of distributed systems to provide server and client support. A path traversal vulnerability exists in the Spring-cloud-config-server module i...
CVE-2020-5410
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...
Directory traversal
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...
CVE-2020-5410 Directory Traversal with spring-cloud-config-server
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...
CVE-2020-5410
CVE-2020-5410 affects VMware/Tanzu Spring Cloud Config Server. Versions 2.2.x before 2.2.3 and 2.1.x before 2.1.9 (and older unsupported) are vulnerable to a directory traversal in which a crafted URL can cause the server to serve arbitrary configuration files. Root cause: inadequate validation in t...
PT-2020-4063 · Spring · Spring Cloud Config
Name of the Vulnerable Software and Affected Versions: Spring Cloud Config versions 2.1.x prior to 2.1.9; Spring Cloud Config versions 2.2.x prior to 2.2.3; Spring Cloud Config older unsupported versions. Description: The issue allows applications to serve arbitrary configuration files through the...
CVE-2020-5405
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...
Directory Traversal
spring-cloud-config-client is vulnerable to directory traversal. The attack is possible because it fails to validate the names and labels in environment and resource controller, allowing an attacker to provide malicious configuration files by exploiting the vulnerability...
Directory traversal
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...
CVE-2020-5405 Directory Traversal with spring-cloud-config-server
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...
CVE-2020-5405
Spring Cloud Config - Local File Inclusion (CVE-2020-5405): Affects Spring Cloud Config Server in 2.2.x before 2.2.2 and 2.1.x before 2.1.7 (older/unsupported). Exploitable via a crafted URL to serve arbitrary configuration files, enabling potential data exposure. Remediation: upgrade to patched ...