PT-2019-6210 · Spring · Spring Cloud Config

Publicado

2019-05-06

Atualizado

2022-06-13

CVE-2019-3799

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Spring Cloud Config versions 1.4.x prior to 1.4.6 Spring Cloud Config versions 2.0.x prior to 2.0.4 Spring Cloud Config versions 2.1.x prior to 2.1.2

Description The issue exists due to incorrect restriction of the path name to a directory with limited access. Exploitation of this issue may allow a remote attacker to disclose protected information using a specially crafted URL, potentially leading to a directory traversal attack.

Recommendations For versions 1.4.x prior to 1.4.6, update to version 1.4.6 or later. For versions 2.0.x prior to 2.0.4, update to version 2.0.4 or later. For versions 2.1.x prior to 2.1.2, update to version 2.1.2 or later.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

BDU:2022-02830

CVE-2019-3799

GHSA-4X49-W62V-76Q7

Produtos afetados

Spring Cloud Config

PT-2019-6210 · Spring · Spring Cloud Config

CVE-2019-3799

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10