How severe is CVE-2020-5412?

CVE-2020-5412 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2020-5412

Name: spring_cloud_netflix
Author: vmware

6.5MEDIUM

Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make request

公開日: 8/7/2020更新日: 11/21/2024

説明

Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly.

AI分析AIによる分析

影響を受ける製品

vmwarespring_cloud_netflix

参照

https://tanzu.vmware.com/security/cve-2020-5412
Vendor Advisory
https://tanzu.vmware.com/security/cve-2020-5412
Vendor Advisory