Vulnerability in Spring by VMware Cloud Netflix

CVE-2020-5412

Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server…

EPSS: 0.922 (99.7th percentile)

Frequently asked questions

What is CVE-2020-5412?
CVE-2020-5412 is a vulnerability in Spring by VMware Cloud Netflix, classified under Unintended Proxy or Intermediary (Confused Deputy). It was published on 2020-08-07.

Is CVE-2020-5412 known to be exploited?
17 public proof-of-concept repositories are indexed. The CVE is not currently listed in the CISA KEV catalog.