// For flags

CVE-2020-5410

VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

-
*SSVC
Descriptions

Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.

Spring Cloud Config, las versiones 2.2.x anteriores a 2.2.3, versiones 2.1.x anteriores a 2.1.9, y las versiones más antiguas no compatibles, permiten a las aplicaciones servir archivos de configuración arbitrarios por medio del módulo spring Cloud-config-server. Un usuario malicioso, o un atacante, puede enviar una petición usando una URL especialmente diseñada que puede conllevar a un ataque de salto de directorio.

A flaw was found in spring-cloud-config in versions prior to 2.1.9 and 2.2.3. Applications are allowed to serve arbitrary configuration files through the spring-cloud-config-server module allowing an attacker to send a request using a specially crafted URL to create a directory traversal attack. The highest threat from this vulnerability is to data confidentiality.

Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-01-03 CVE Reserved
  • 2020-06-02 CVE Published
  • 2020-06-16 First Exploit
  • 2022-03-25 Exploited in Wild
  • 2022-04-15 KEV Due Date
  • 2024-09-16 CVE Updated
  • 2024-10-29 EPSS Updated
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • CWE-23: Relative Path Traversal
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Vmware
Search vendor "Vmware"
Spring Cloud Config
Search vendor "Vmware" for product "Spring Cloud Config"
>= 2.1.0 < 2.1.9
Search vendor "Vmware" for product "Spring Cloud Config" and version " >= 2.1.0 < 2.1.9"
-
Affected
Vmware
Search vendor "Vmware"
Spring Cloud Config
Search vendor "Vmware" for product "Spring Cloud Config"
>= 2.2.0 < 2.2.3
Search vendor "Vmware" for product "Spring Cloud Config" and version " >= 2.2.0 < 2.2.3"
-
Affected