⚠ Actively exploited
Added to CISA KEV on 2022-03-25; federal agencies were required to patch by 2022-04-15. Required action: apply updates per vendor instructions.

CVE-2020-5410

CWE-23 (Relative Path Traversal), CWE-22 (Path Traversal) | 11 documents, 11 sources
Severity: 7.5 HIGH
EPSS: 94.4% (top 0.04% of scored CVEs)
CISA KEV: listed; added 2022-03-25, due 2022-04-15. Required action: apply updates per vendor instructions.
Exploit: exploited in the wild, active exploitation observed
Timeline:
  Published: 2020-06-02
  KEV added: 2022-03-25
  KEV due: 2022-04-15
  Latest update: 2024-01-15

Description

Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. An unauthenticated attacker (CVSS PR:N) can send a request with a specially crafted URL that traverses outside the intended configuration location and returns files the server process can read; the impact is to confidentiality only (C:H/I:N/A:N). The fixed releases are 2.2.3 and 2.1.9.
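The two practical questions this description raises are how to spot traversal attempts against a config server in access logs and what the server-side check should look like so that an encoded path cannot escape the configuration directory. The example below is added here and is not Spring Cloud Config's code nor the Nuclei or Suricata content listed on this page; it percent-decodes a request path until it stops changing (so that double encoding such as %252F is caught), rejects any remaining ".." segment, canonicalises the path against a root directory, and runs that logic over a few constructed access-log lines. CONFIG_ROOT, the log lines and the traversal payloads are all assumptions made up for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Hypothetical directory the config server is supposed to serve files from.
CONFIG_ROOT = "/srv/config-repo"

# Matches the request line inside a common/combined-format access-log entry.
REQUEST_LINE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def fully_decode(path: str, max_rounds: int = 3) -> str:
    """Percent-decode until the value stops changing.

    A single unquote() turns %252F into %2F, which still looks harmless to a
    naive '..' check; a second round yields '/'. Bounding the rounds keeps
    pathological inputs from looping.
    """
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def has_traversal_segment(request_path: str) -> bool:
    """Strict policy: reject any '..' segment once the path is fully decoded."""
    decoded = fully_decode(request_path.split("?", 1)[0]).replace("\\", "/")
    return ".." in decoded.split("/")


def resolve_under_root(request_path: str, root: str = CONFIG_ROOT):
    """Canonicalise the requested file against root.

    Returns the absolute path if it stays inside root, otherwise None. This is
    the check a file-serving endpoint must make after decoding and before
    opening anything.
    """
    decoded = fully_decode(request_path.split("?", 1)[0]).replace("\\", "/")
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None


def scan_access_log(text: str, root: str = CONFIG_ROOT):
    """Return (method, raw path, status) for each request that looks like traversal."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_LINE.search(line)
        if not m:
            continue
        path = m.group("path")
        if has_traversal_segment(path) or resolve_under_root(path, root) is None:
            hits.append((m.group("method"), path, int(m.group("status"))))
    return hits


# Constructed sample log lines (not real traffic): a legitimate config fetch,
# a double-encoded traversal that succeeded, and a single-encoded one that
# was blocked upstream.
SAMPLE_LOG = """\
10.0.0.5 - - [02/Jun/2020:10:00:00 +0000] "GET /myapp/default/master/application.yml HTTP/1.1" 200 512
10.0.0.9 - - [02/Jun/2020:10:00:07 +0000] "GET /..%252F..%252F..%252F..%252Fetc%252Fpasswd%23foo/development HTTP/1.1" 200 1843
10.0.0.9 - - [02/Jun/2020:10:00:09 +0000] "GET /myapp/%2e%2e/%2e%2e/etc/shadow HTTP/1.1" 403 0
"""

if __name__ == "__main__":
    for method, path, status in scan_access_log(SAMPLE_LOG):
        print(f"{method} {path} -> {status}  decoded={fully_decode(path)}")
```

When hunting, the interesting hits are traversal requests that returned 200 with a non-trivial body size; a 403 or 404 means the attempt was blocked or missed. The check itself is defence in depth only: the remediation for this CVE is upgrading to a fixed release, and a front-end filter should not be relied on in place of the server's own canonicalisation.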

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6 (network, low complexity, no privileges or user interaction; confidentiality impact high, integrity and availability none)

Affected Packages: 3 packages

🔴 Vulnerability Details (4)

OSV: Directory traversal attack in Spring Cloud Config (2020-06-05)
GHSA: Directory traversal attack in Spring Cloud Config (2020-06-05)
CVEList: Directory Traversal with spring-cloud-config-server (2020-06-02)
VulnCheck: VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability (2020)

💥 Exploits & PoCs (1)

Nuclei: Spring Cloud Config Server - Local File Inclusion

🔍 Detection Rules (1)

Suricata: ET EXPLOIT VMware Spring Cloud Directory Traversal (CVE-2020-5410) (2020-06-15)

📋 Vendor Advisories (3)

Oracle: Oracle Financial Services Applications Risk Matrix, Common (Spring Cloud Config), CVE-2020-5410 (2024-01-15)
CISA: VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability (2022-03-25)
Red Hat: spring-cloud-config-server: sending a request using a specially crafted URL can lead to a directory traversal attack (2020-05-15)

💬 Community (1)

Bugzilla: CVE-2020-5410 spring-cloud-config-server: sending a request using a specially crafted URL can lead to a directory traversal attack (2020-06-09)
CVE-2020-5410 (HIGH CVSS 7.5) | Spring Cloud Config | cvebase.io