CVE-2020-5405 — MEDIUM (6.5)

Q: How severe is CVE-2020-5405?

CVE-2020-5405 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-5405?

Check the references section above for vendor advisories and patch information. Affected products include: Vmware Spring Cloud Config.

Vulnerability Description

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Vmware	Spring Cloud Config	>= 2.1.0, < 2.1.7

Related Weaknesses (CWE)

CWE-22 CWE-23

References

https://pivotal.io/security/cve-2020-5405Vendor Advisory
https://pivotal.io/security/cve-2020-5405Vendor Advisory

FAQ

What is CVE-2020-5405?

CVE-2020-5405 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-con...

How severe is CVE-2020-5405?

CVE-2020-5405 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-5405?

Check the references section above for vendor advisories and patch information. Affected products include: Vmware Spring Cloud Config.