Spring Cloud Config 漏洞列表
共找到 8 个与 Spring Cloud Config 相关的漏洞
📅 加载漏洞趋势中...
-
CVE-2019-3799: Spring Cloud Config Server - Local File Inclusion POC
Spring Cloud Config Server versions 2.1.x prior to 2.1.2, 2.0.x prior to 2.0.4, 1.4.x prior to 1.4.6, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files. An attacker can send a request using a specially crafted URL that can lead to a directory traversal attack. -
CVE-2020-5405: Spring Cloud Config - Local File Inclusion POC
Spring Cloud Config versions 2.2.x prior to 2.2.2, 2.1.x prior to 2.1.7, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. -
CVE-2020-5410: Spring Cloud Config Server - Local File Inclusion POC
Spring Cloud Config Server versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user or attacker can send a request using a specially crafted URL that can lead to a local file inclusion attack. -
CVE-2019-3799: Spring Cloud Config Server - Local File Inclusion POC
Spring Cloud Config Server versions 2.1.x prior to 2.1.2, 2.0.x prior to 2.0.4, 1.4.x prior to 1.4.6, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files. An attacker can send a request using a specially crafted URL that can lead to a directory traversal attack. -
CVE-2020-5405: Spring Cloud Config - Local File Inclusion POC
Spring Cloud Config versions 2.2.x prior to 2.2.2, 2.1.x prior to 2.1.7, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. -
CVE-2020-5410: Spring Cloud Config Server - Local File Inclusion POC
Spring Cloud Config Server versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user or attacker can send a request using a specially crafted URL that can lead to a local file inclusion attack. -
Spring Cloud Config CVE-2020-5410 目录遍历漏洞 无POC
Spring Cloud Config存在目录遍历漏洞,此漏洞是由于应用程序对请求路径没有进行充分校验导致的。 -
Spring Cloud Config Server 路径穿越导致文件读取漏洞(CVE-2020-5405) 无POC
Spring CloudConfig,为微服务架构中的微服务提供集中化的外部配置支持,配置服务器为各个不同微服务应用的所有环境提供了一个中心化的外部配置。Spring CloudConfig,2.2.2之前的2.2.x版本,2.1.7之前的2.1.x版本,以及更早的不受支持的版本,允许应用程序通过Spring-Cloud-CONFIG-SERVER模块提供任意配置文件。恶意用户或攻击者可以使用巧尽心思构建的URL发送请求,从而导致目录遍历攻击。