How severe is CVE-2020-5412?

CVE-2020-5412 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2020-5412

Name: spring_cloud_netflix
Author: vmware

6.5MEDIUM

Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make request

发布于: 8/7/2020更新于: 11/21/2024

描述

Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly.

AI分析AI驱动

受影响产品

vmwarespring_cloud_netflix

参考资料

https://tanzu.vmware.com/security/cve-2020-5412
Vendor Advisory
https://tanzu.vmware.com/security/cve-2020-5412
Vendor Advisory