VMware Spring Cloud Config

By the Year

In 2024 there have been 0 vulnerabilities in VMware Spring Cloud Config. Last year Spring Cloud Config had 1 security vulnerability published. Right now, Spring Cloud Config is on track to have fewer security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 1 5.50
2022 0 0.00
2021 0 0.00
2020 2 7.00
2019 1 6.50
2018 0 0.00

It may take a day or so for new Spring Cloud Config vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent VMware Spring Cloud Config Security Vulnerabilities

In Spring Vault

CVE-2023-20859 5.5 - Medium - March 23, 2023

In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.

Insertion of Sensitive Information into Log File

Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions

CVE-2020-5410 7.5 - High - June 02, 2020

Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.

Directory traversal

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions

CVE-2020-5405 6.5 - Medium - March 05, 2020

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.

Directory traversal

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions

CVE-2019-3799 6.5 - Medium - May 06, 2019

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.

Directory traversal
