CVE-2020-5410: Spring Cloud Config Server Directory Traversal Vulnerability Alert

Spring Cloud Config has recently released a new version that fixes a directory traversal vulnerability. The vulnerability is tracked as CVE-2020-5410 and is rated medium severity.

Spring Cloud Config provides server-side and client-side support for externalized configuration in a distributed system. With the Config Server, you have a central place to manage external properties for applications across all environments. The concepts on both client and server map identically to the Spring Environment and PropertySource abstractions, so they fit very well with Spring applications but can be used with any application running in any language. (Spring Framework)

The vulnerability is caused by incorrect input validation when the Spring Cloud Config Server module processes directory traversal sequences. A remote attacker can send a specially crafted HTTP request that causes arbitrary files to be read.

Affected versions

  • Spring Cloud Config: 2.2.0 to 2.2.2
  • Spring Cloud Config: 2.1.0 to 2.1.8

Solution

Upgrade Spring Cloud Config to version 2.2.3 or 2.1.9, place the Spring Cloud Config Server service on the intranet, and use Spring Security for authentication.
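The third step above, protecting the Config Server with Spring Security, is shown here as an added example; it is not code from the advisory or from the Spring project. It uses the Spring Security 5.x API that ships with the Spring Boot 2.2/2.3 line on which Spring Cloud Config 2.1.x/2.2.x run, and assumes that spring-boot-starter-security is on the server's classpath. The package name, the class name and the two environment variable names are assumptions made for this example.

```java
// Added example: HTTP Basic authentication in front of every Config Server
// endpoint. Not part of the advisory or the Spring project; package, class
// and environment variable names are assumptions for this example.
package com.example.configserver;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class ConfigServerSecurity extends WebSecurityConfigurerAdapter {

    @Bean
    public PasswordEncoder passwordEncoder() {
        // Delegating encoder: stored hashes carry an {id} prefix, bcrypt by default,
        // so the plain-text credential never sits in the in-memory user store.
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Credentials come from the environment (assumed variable names), never
        // from source control or a checked-in properties file.
        String user = requireEnv("CONFIG_SERVER_USER");
        String password = requireEnv("CONFIG_SERVER_PASSWORD");
        auth.inMemoryAuthentication()
            .withUser(user)
            .password(passwordEncoder().encode(password))
            .roles("CONFIG_CLIENT");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Every request, including the /{application}/{profile} config
            // endpoints, must carry valid credentials; nothing is anonymous.
            .authorizeRequests().anyRequest().authenticated()
            .and()
            // Config clients are non-browser callers, so HTTP Basic (over TLS)
            // is the usual scheme; the client sets spring.cloud.config.username
            // and spring.cloud.config.password to match.
            .httpBasic()
            .and()
            // No browser session is involved, so no session is created and the
            // CSRF filter, which only protects cookie-based sessions, is not needed.
            .csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

    // Fail fast at startup instead of booting an unauthenticated server when a
    // credential is missing.
    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("environment variable " + name + " must be set");
        }
        return value;
    }
}
```

Authentication limits who can reach the server's endpoints; it does not remove the traversal bug itself, so the upgrade to 2.2.3 or 2.1.9 is still required. To keep the service off the public network as the advisory recommends, bind it to an internal address with the standard Spring Boot `server.address` property, and have clients point `spring.cloud.config.uri` at that internal address.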