Vulnerability Name: CVE-2019-3799 (CCN-159829)
Assigned: 2019-04-16
Published: 2019-04-16
Updated: 2022-06-13
Summary: Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
CVSS v3 Severity:
  6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
  6.0 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C)
  7.0 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C)
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
Vulnerability Type: CWE-22
Vulnerability Consequences: Obtain Information
References:
  Source: MITRE Type: CNA CVE-2019-3799
  Source: XF Type: UNKNOWN pivotal-cve20193799-dir-traversal(159829)
  Source: CCN Type: Packet Storm Security [04-30-2019] Spring Cloud Config 2.1.x Path Traversal
  Source: CCN Type: Pivotal Web site CVE-2019-3799: Directory Traversal with spring-cloud-config-server
  Source: CONFIRM Type: Vendor Advisory https://pivotal.io/security/cve-2019-3799
  Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [04-30-2019]
  Source: CCN Type: Oracle CPUApr2022 Oracle Critical Patch Update Advisory - April 2022
  Source: MISC Type: Patch, Third Party Advisory https://www.oracle.com/security-alerts/cpuapr2022.html
Vulnerable Configuration: Configuration 1: Configuration 2: