#VU30340 Path traversal in Spring Cloud Config - CVE-2020-5405

Cybersecurity Help s.r.o.

Published: 2020-03-05 | Updated: 2020-09-01

Vulnerability identifier: #VU30340

Vulnerability risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2020-5405

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Spring Cloud Config
Server applications / Application servers

Vendor: Pivotal

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Spring Cloud Config: 2.2.0. - 2.2.1

External links
https://pivotal.io/security/cve-2020-5405

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Path traversal in Pivotal Spring Cloud Config