ID:4558 - Exploit for Path traversal in Spring Cloud Config - CVE-2020-5405

 

Published: September 1, 2020


Vulnerability identifier: #VU30340
Vulnerability risk: Medium
CVE-ID: CVE-2020-5405
CWE-ID: CWE-22
Exploitation vector: Remote access
Vulnerable software:
Spring Cloud Config

Link to public exploit:


Vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.


Remediation

Install the update from the vendor's website.