Path Traversal in Spring by VMware Cloud Config

CVE-2020-5405

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or…

EPSS: 0.880 (99.5th percentile)

Frequently asked questions

What is CVE-2020-5405?
CVE-2020-5405 is a vulnerability in Spring by VMware Cloud Config, classified under Relative Path Traversal. It was published on 2020-03-05.
Is CVE-2020-5405 known to be exploited?
37 public proof-of-concept repositories are indexed. It is not currently listed in the CISA KEV catalog.