Spring Cloud Config Server – CVE-2020-5410


Kayran has detected that the version of Spring Cloud Config Server in use is vulnerable to directory traversal.
The current and older unsupported versions could allow applications to serve arbitrary configuration files via the ‘spring-cloud-config-server’ module.

CVE-2020-5410 is categorized as an ‘Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)’ vulnerability (CWE-22).
These vulnerabilities occur when software uses external input to construct a pathname that is intended to identify a file or directory located underneath a restricted parent directory,
but does not properly neutralize special elements within the pathname that can cause it to resolve to a location outside the restricted directory.

Attackers could abuse this by sending a request with a specially crafted URL, leading to directory traversal attacks against your assets.
This would help attackers obtain sensitive information (information disclosure).


To fix CVE-2020-5410, upgrade the version of Spring Cloud Config Server being used to either 2.1.9 or 2.2.3.
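
The CWE-22 weakness described above, shown as an added Java example (not code from Kayran or from the Spring Cloud Config project): an unchecked join of external input onto a base directory, next to a resolver that normalizes the path and rejects anything outside that directory. The class name, method names, temporary directory and sample inputs are all constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class ContainedResolver {

    // Unsafe pattern: external input is joined to the base directory and used as-is.
    static Path resolveUnchecked(Path baseDir, String requested) {
        return baseDir.resolve(requested);
    }

    // Hardened pattern: canonicalize first, then require the result to stay under baseDir.
    static Path resolveContained(Path baseDir, String requested) throws IOException {
        Path base = baseDir.toRealPath();                      // follows symlinks; base must exist
        Path candidate = base.resolve(requested).normalize();  // collapses "." and ".."
        // Path.startsWith compares whole name elements, so "/base-other" does not match "/base".
        if (!candidate.startsWith(base)) {
            throw new SecurityException("path escapes restricted directory: " + requested);
        }
        // If the target exists, re-check after following symlinks inside the base.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(base)) {
            throw new SecurityException("symlink escapes restricted directory: " + requested);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("config-repo");  // constructed sandbox directory
        Files.writeString(base.resolve("application.yml"), "demo: true\n");

        // Constructed sample inputs, not taken from any real request.
        String[] samples = { "application.yml", "./application.yml",
                             "sub/../application.yml", "../outside.txt",
                             "sub/../../outside.txt", "/etc/hostname" };
        for (String s : samples) {
            Path unchecked = resolveUnchecked(base, s).normalize();
            String verdict;
            try {
                resolveContained(base, s);
                verdict = "allowed";
            } catch (SecurityException e) {
                verdict = "rejected";
            }
            System.out.printf("%-24s unchecked -> %-44s contained: %s%n", s, unchecked, verdict);
        }
    }
}
```

The first three inputs stay inside the base directory and are allowed; the last three resolve outside it and are rejected by the contained resolver, while the unchecked join returns the outside path without complaint.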




