CVE-2020-5412
CVE-2020-5412 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly. EPSS estimates a 10.21% chance of exploitation in the next 30 days.
Description
Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| VMware | Spring Cloud Netflix | < 2.1.6 |
| VMware | Spring Cloud Netflix | >= 2.2.0, < 2.2.4 |
References
- https://tanzu.vmware.com/security/cve-2020-5412 (Vendor Advisory)
Source: NVD / NIST
