CVE-2020-5410 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2020-5410?

CVE-2020-5410 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-5410?

Check the references section above for vendor advisories and patch information. Affected products include: Vmware Spring Cloud Config.

Vulnerability Description

Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Vmware	Spring Cloud Config	>= 2.1.0, < 2.1.9

Related Weaknesses (CWE)

CWE-22 CWE-23

References

https://tanzu.vmware.com/security/cve-2020-5410Vendor Advisory
https://tanzu.vmware.com/security/cve-2020-5410Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-US Government Resource

FAQ

What is CVE-2020-5410?

CVE-2020-5410 is a vulnerability with a CVSS score of 7.5 (HIGH). Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-con...

How severe is CVE-2020-5410?

CVE-2020-5410 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-5410?

Check the references section above for vendor advisories and patch information. Affected products include: Vmware Spring Cloud Config.