CVE-2019-3799 Information
Feb 14, 2021
cve
Description
Spring Cloud Config versions 2.1.x prior to 2.1.2 versions 2.0.x prior to 2.0.4 and versions 1.4.x prior to 1.4.6 and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user or attacker can send a request using a specially crafted URL that can lead a directory traversal attack.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Reference
https://github.com/mpgn/CVE-2019-3799 https://pivotal.io/security/cve-2019-3799
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
6.5
Share on: