CVE-2020-5410 - VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability
Project:VMware Tanzu
Product:Spring Cloud Configuration (Config) Server
Date Added:2022-03-25Due Date:2022-04-15
Vulnerability Name
VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability
Description
Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-5410