0

More than 3 years have passed since last update.

@shimizukawasaki(清水川崎)

[漏洞通告]CVE-2020-5410/Spring-Cloud-Config-Server存在路径穿越

spring

Last updated at 2020-06-02Posted at 2020-06-02

漏洞描述

近日,亚信安全网络攻防实验室跟Spring-Cloud-Config-Server组件存在路径穿越漏洞,该漏洞由补天安全研究员LuFei提交给Spring官方.攻击者利用此漏洞可以实现目录穿越,以此读取未授权文件的内容.

漏洞编号

CVE-2020-5410

漏洞威胁等级

中危

影响范围

2.2.0 <= Spring Cloud Config <= 2.2.2
2.1.0 <= Spring Cloud Config <= 2.1.8

漏洞验证

修复建议

建议升级Spring Cloud Config至2.2.3版本或2.1.9版本并将Spring-Cloud-Config-Server放置在内网中,同时使用Spring Security进行身份验证.

时间轴

[0] 2020/06/02 补天0vul Team发布漏洞通告
[1] 2020/06/02 亚信安全网络攻防实验室分析&复现该漏洞并发布漏洞通告

Reference

0

Register as a new user and use Qiita more conveniently

You get articles that match your needs
You can efficiently read back useful information
You can use dark theme

What you can do with signing up

0