Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-3799

CWE-22 Path Traversal | 9 documents | 9 sources
Severity
6.5 MEDIUM
EPSS
89.9%
top 0.43%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: May 6
Latest update: Apr 15

Description

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (4 packages)

Patches

🔴 Vulnerability Details (3)

GHSA: Path Traversal in Spring Cloud Config (2019-05-23)
OSV: Path Traversal in Spring Cloud Config (2019-05-23)
CVEList: Directory Traversal with spring-cloud-config-server (2019-05-06)

💥 Exploits & PoCs (2)

Exploit-DB: Spring Cloud Config 2.1.x - Path Traversal (Metasploit) (2019-04-30)
Nuclei: Spring Cloud Config Server - Local File Inclusion

📋 Vendor Advisories (2)

Oracle: Oracle Communications Risk Matrix: Policy (Spring Cloud Config) - CVE-2019-3799 (2022-04-15)
Red Hat: spring-cloud-config-server: directory traversal attack using special crafted URL (2019-04-16)

💬 Community (1)

Bugzilla: CVE-2019-3799 spring-cloud-config-server: directory traversal attack using special crafted URL (2019-05-13)
CVE-2019-3799 (MEDIUM CVSS 6.5) | Spring Cloud Config | cvebase.io