CVE-2020-5405
MEDIUM NUCLEISpring Cloud Config <2.2.2 & <2.1.7 - Path Traversal
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2020-5405. PoCs published by shoucheng3. A Nuclei detection template is also available.
AI-analyzed exploit summary This repository contains the source code for Spring Cloud Config, specifically the 2.1.6.RELEASE version, which is vulnerable to CVE-2020-5405. The vulnerability involves improper path sanitization leading to directory traversal, allowing attackers to access sensitive files.
Description
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.
Exploits (1)
This repository contains the source code for Spring Cloud Config, specifically the 2.1.6.RELEASE version, which is vulnerable to CVE-2020-5405. The vulnerability involves improper path sanitization leading to directory traversal, allowing attackers to access sensitive files.
Nuclei Templates (1)
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N