CVE-2020-5412: Hystrix Dashboard Proxy In spring-cloud-netflix-hystrix-dashboard
First published: Fri Aug 07 2020(Updated: )
Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly.
Credit: security@pivotal.io
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Vmware Spring Cloud Netflix | <2.1.6 | |
| Vmware Spring Cloud Netflix | >=2.2.0<2.2.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2020-5412.
What is the severity level of CVE-2020-5412?
The severity level of CVE-2020-5412 is medium.
Which versions of Spring Cloud Netflix are affected by CVE-2020-5412?
Versions 2.2.x prior to 2.2.4 and versions 2.1.x prior to 2.1.6 of Spring Cloud Netflix are affected by CVE-2020-5412.
How can the vulnerability be exploited?
A malicious user can exploit CVE-2020-5412 by using the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard.
Is there a fix available for this vulnerability?
Yes, updating to version 2.2.4 for versions 2.2.x and version 2.1.6 for versions 2.1.x of Spring Cloud Netflix will fix the vulnerability.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- agent/author
- agent/references
- agent/severity
- agent/title
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/vmware
- canonical/vmware spring cloud netflix
- version/vmware spring cloud netflix/2.2.0