Miggo Logo
Miggo Vulnerability Database
CVE-2019-3799

CVE-2019-3799:
Path Traversal in Spring Cloud Config

6.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2019-3799
GHSA ID
GHSA-4x49-w62v-76q7
EPSS Score
0.99191%
CWE
CWE-22
Published
5/23/2019
Updated
2/1/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.springframework.cloud:spring-cloud-config-servermaven< 1.4.61.4.6
org.springframework.cloud:spring-cloud-config-servermaven>= 2.0.0, < 2.0.42.0.4
org.springframework.cloud:spring-cloud-config-servermaven>= 2.1.0, < 2.1.22.1.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability occurs in the path handling logic of Spring Cloud Config Server's resource serving endpoint. The GenericResourceRepository.findOne method was processing user-supplied paths without adequate validation, allowing directory traversal via encoded path segments. The ResourceController.retrieve method serves as the entry point that passes the unsanitized path parameter to the vulnerable code. The patch adds multiple validation layers (isInvalidPath, processPath, cleanDuplicateSlashes) demonstrating where the original vulnerability existed.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Sprin* *lou* *on*i*, v*rsions *.*.x prior to *.*.*, v*rsions *.*.x prior to *.*.*, *n* v*rsions *.*.x prior to *.*.*, *n* ol**r unsupport** v*rsions *llow *ppli**tions to s*rv* *r*itr*ry *on*i*ur*tion *il*s t*rou** t** sprin*-*lou*-*on*i*-s*rv*r mo*u

Reasoning

T** vuln*r**ility o**urs in t** p*t* **n*lin* lo*i* o* Sprin* *lou* *on*i* S*rv*r's r*sour** s*rvin* *n*point. T** **n*ri*R*sour**R*pository.*in*On* m*t*o* w*s pro**ssin* us*r-suppli** p*t*s wit*out ***qu*t* v*li**tion, *llowin* *ir**tory tr*v*rs*l v