Added CVE-2020-5412.

2025-08-04 08:44:25 +00:00 · 2020-08-07 13:40:20 -07:00 · 2020-08-07 13:40:20 -07:00 · bee16c4c66
commit bee16c4c66
parent 5aa7671c21
1 changed files with 62 additions and 5 deletions
--- a/2020/5xxx/CVE-2020-5412.json
+++ b/2020/5xxx/CVE-2020-5412.json
@ -3,16 +3,73 @@
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security@pivotal.io",
+        "DATE_PUBLIC": "2020-08-05T00:00:00.000Z",
        "ID": "CVE-2020-5412",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Hystrix Dashboard Proxy In spring-cloud-netflix-hystrix-dashboard"
+    },
+    "source": {
+        "discovery": "UNKNOWN"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Spring Cloud Netflix",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<",
+                                            "version_name": "2.2",
+                                            "version_value": "2.2.4"
+                                        },
+                                        {
+                                            "version_affected": "<",
+                                            "version_name": "2.1",
+                                            "version_value": "2.1.6"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Spring by VMware"
+                }
+            ]
+        }
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly."
            }
        ]
-    }
-}
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-441: Unintended Proxy or Intermediary"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "url": "https://tanzu.vmware.com/security/cve-2020-5412",
+                "name": "https://tanzu.vmware.com/security/cve-2020-5412"
+            }
+        ]
+    },
+    "impact": null
+}