CVSS: 7.5EPSS: 94%CPEs: 2EXPL: 3CVE-2020-5410 – VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2020-5410
02 Jun 2020 — Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config, las versiones 2.2.x anteriores a 2.2.3, versiones 2.1.x anteriores a 2.1.9, y las versiones más antiguas no compatibles, permiten a las aplicacio... • https://packetstorm.news/files/id/181125 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 6.5EPSS: 70%CPEs: 2EXPL: 0CVE-2020-5405 – Directory Traversal with spring-cloud-config-server
https://notcve.org/view.php?id=CVE-2020-5405
05 Mar 2020 — Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack. Spring Cloud Config, versiones 2.2.x anteriores a 2.2.2, versiones 2.1.x anteriores a 2.1.7 y versiones anteriores no compatibles, permite a unas aplicaciones servir arc... • https://pivotal.io/security/cve-2020-5405 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •