CVE-2020-5412 Vulnerability Details

CVE-2020-5412 Metadata Quick Info

CVE Published: 07/08/2020 | CVE Updated: 16/09/2024 | CVE Year: 2020
Source: pivotal | Vendor: Spring by VMware | Product: Spring Cloud Netflix
Status: PUBLISHED

CVE-2020-5412 Description

Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-441
CWE Name: CWE-441: Unintended Proxy or Intermediary
Source: Spring by VMware

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).