CVE-2020-5410
Published: 02 June 2020
Summary
CVE-2020-5410 is a high-severity Relative Path Traversal (CWE-23) vulnerability in VMware Spring Cloud Config. Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 0.0% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
Spring Cloud Config versions 2.2.x prior to 2.2.3, 2.1.x prior to 2.1.9, and older unsupported releases are affected by a directory traversal vulnerability in the spring-cloud-config-server module. The flaw allows the server to expose arbitrary configuration files when processing requests, corresponding to CWE-22 and CWE-23 with a CVSS 3.1 base score of 7.5 reflecting network-accessible confidentiality impact without authentication.
An unauthenticated attacker can exploit the issue by submitting a request containing a specially crafted URL path. Successful traversal grants read access to files outside the intended configuration directories, enabling disclosure of sensitive application data stored on the server.
The Tanzu VMware security advisory at the referenced URL details the affected versions and remediation steps, while CISA lists CVE-2020-5410 in its catalog of known exploited vulnerabilities, confirming observed in-the-wild attacks.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-0451
Vulnerability details
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
- CWE(s): CWE-22, CWE-23
- KEV Date Added: 25 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly enforces access restrictions so the config server cannot return files outside the intended directories via crafted paths.
Requires validation of URL path input to reject directory traversal sequences such as '../' before they reach the config server.
Enforces information-flow rules that limit which files may be disclosed, blocking the unauthorized read access granted by the traversal flaw.
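The SI-10 and AC-3 controls above come down to one server-side check: decode the requested path, reject any parent-directory segment, and confirm the canonical target still lies under the canonical configuration directory. The following is an added illustration of that check in Python; it is not code from Spring Cloud Config (a Java project) or from the VMware advisory, and the base directory `/srv/config-repo` and the sample request paths are constructed placeholders. Percent-decoding is repeated until the value is stable, because a single substring test for `../` on the raw URL would miss encoded forms of the same sequence.

```python
"""Confine a requested configuration path to the server's base directory.

Added example, not part of the advisory or of Spring Cloud Config itself.
The base directory and request strings below are constructed placeholders.
"""
from pathlib import Path
from typing import Optional
from urllib.parse import unquote


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing.

    Ensures an encoded or double-encoded '..' is inspected as '..' rather
    than slipping past a check that only looks at the raw request.
    """
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    return value


def resolve_config_path(base_dir: str, requested: str) -> Optional[Path]:
    """Map a request path to a file under base_dir, or return None if it escapes.

    Two independent checks are applied (defence in depth):
      1. Input validation (SI-10): after decoding, no path segment may be '..'
         on either separator, and NUL bytes are rejected outright.
      2. Access enforcement (AC-3): the canonical (symlink-resolved) target
         must still be inside the canonical base directory.
    """
    base = Path(base_dir).resolve()
    decoded = decode_fully(requested)
    if "\x00" in decoded:
        return None
    # Treat backslashes like forward slashes so 'a\..\b' is seen as 'a/../b',
    # and drop empty and '.' segments, which carry no meaning.
    segments = [s for s in decoded.replace("\\", "/").split("/") if s not in ("", ".")]
    if not segments or any(s == ".." for s in segments):
        return None
    # Always join relative to base so a leading '/' in the request cannot
    # replace the base directory.
    candidate = base.joinpath(*segments).resolve()
    try:
        candidate.relative_to(base)  # raises ValueError if outside base
    except ValueError:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests a config server might receive.
    samples = [
        "app/default/main.yml",
        "../../secrets.txt",
        "app/..%2F..%2Fsecrets.txt",
        "app/%252e%252e/secrets.txt",
        "app\\..\\..\\secrets.txt",
    ]
    for req in samples:
        result = resolve_config_path("/srv/config-repo", req)
        print(f"{req!r:40} -> {'REJECTED' if result is None else result}")
```

The second check matters even when the first passes: if a file inside the base directory is a symlink pointing elsewhere, `resolve()` follows it and `relative_to()` then fails, so the server still refuses to serve it.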