Add CVE-2020-5410

tardc 2020-07-17 14:38:43 +08:00
parent 2dfb62a0a4
commit 2470505be5
5 changed files with 17 additions and 0 deletions

Binary file not shown.


@ -0,0 +1,17 @@
# CVE-2020-5410 Spring Cloud Config Server Directory Traversal
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
**Affected Version**: Spring Cloud Config 2.2.x - 2.2.3, 2.1.x - 2.1.9, older unsupported versions
**[FOFA](https://fofa.so/result?qbase64=YXBwPSJTcHJpbmdCb290Ig%3D%3D) query rule**: app="SpringBoot"
# Demo
![](CVE-2020-5410_1.jpg)
![](CVE-2020-5410_2.jpg)
![](CVE-2020-5410_3.jpg)
![](CVE-2020-5410_4.jpg)
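
Review bot: The **Affected Version** line contradicts the description directly above it. "2.2.x - 2.2.3, 2.1.x - 2.1.9" reads as a range that includes 2.2.3 and 2.1.9, while the description says only versions prior to 2.2.3 and prior to 2.1.9 are affected. Suggest wording it as "2.2.x before 2.2.3, 2.1.x before 2.1.9, and older unsupported versions" so readers do not treat the fixed releases as vulnerable. On the FOFA line, `app="SpringBoot"` matches any Spring Boot application rather than the spring-cloud-config-server module the description names, so the README should say the rule is broad and that results still need to be confirmed as Config Server instances. The file also has no remediation line: add one sentence stating that upgrading to 2.2.3 or 2.1.9 (or later) resolves the issue. The four Demo images have empty alt text and no captions, so a reader cannot tell what each screenshot shows without opening it.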