CVE-2020-5410
Description
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
Severity: HIGH
CVE ID: CVE-2020-5410
CVSS Score: 7.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Proof Of Concept
Nuclei Templates for CVE-2020-5410
Reference: Project Discovery GitHub
dead5nd
CVE-2020-5410
Reference: GitHub
osamahamad
CVE-2020-5410 Spring Cloud Config directory traversal vulnerability
Reference: GitHub
Content on GitHub
DSO-Lab | watchers:83
defvul
DSO-Lab collection of vulnerability research results
Reference: GitHub
sule01u | watchers:393
SBSCAN
SBSCAN is a penetration testing tool focused on the Spring framework. It can scan specified sites for Spring Boot unauthorized access and sensitive information, and scan for and verify Spring framework vulnerabilities.
Reference: GitHub
Corgizz | watchers:0
SpringCloud
Spring Cloud Config CVE-2019-3799|CVE_2020_5410 vulnerability detection
Reference: GitHub