← ExploitWatch
HomeExploited Vulnerabilities

CVE-2020-5410 — Actively Exploited: Spring Cloud Configuration (Config) Server (VMware Tanzu)

Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files.

CVE IDCVE-2020-5410
VendorVMware Tanzu
ProductSpring Cloud Configuration (Config) Server
Vulnerability nameVMware Tanzu Spring Cloud Config Directory Traversal Vulnerability
Date added2022-03-25
Remediation due2022-04-15
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionSpring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →