CVE-2026-40982

Spring Cloud · Config Server

Spring Cloud Config allows directory traversal via specially crafted URLs, enabling unauthorized access to arbitrary files.

Executive summary

A directory traversal vulnerability in Spring Cloud Config allows attackers to access arbitrary files on the system, potentially exposing sensitive configuration data.

Vulnerability

The application does not properly sanitize input in the configuration server module, allowing an attacker to use directory traversal sequences (../) to access files outside of the intended directory.

Business impact

This vulnerability can expose critical application secrets, environment configurations, and other sensitive system files. Given the 9.1 CVSS score, the potential for information disclosure is severe and could lead to further exploitation of the entire infrastructure.

Remediation

Immediate Action: Upgrade to the specific patched versions provided by Spring Cloud (e.g., 3.1.14, 4.1.10, 4.2.7, 4.3.3, or 5.0.3).

Proactive Monitoring: Review access logs for URL requests containing directory traversal patterns and monitor for unauthorized access to sensitive configuration files.

Compensating Controls: Use a Web Application Firewall (WAF) to block requests containing directory traversal sequences and ensure the application runs with the minimum file system permissions required.
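The "Proactive Monitoring" and "Immediate Action" items above can be turned into a small check. The script below is an added example, not code from the advisory or from the Spring Cloud project. It assumes (a) that each patched release listed above is the first fixed release of its minor line, so an earlier version on the same line is treated as affected, and (b) that access logs are in Common Log Format; the log lines and version strings are constructed for illustration. It percent-decodes request paths (twice, to catch double encoding) and normalises backslashes before matching, because a raw search for the literal string "../" misses encoded variants.

```python
import re
from urllib.parse import unquote

# Patched releases named in the advisory. ASSUMPTION (not stated on the page):
# each is the first fixed release of its minor line, so anything earlier on
# the same line is reported as affected. Lines not listed return None.
PATCHED_BY_LINE = {
    (3, 1): (3, 1, 14),
    (4, 1): (4, 1, 10),
    (4, 2): (4, 2, 7),
    (4, 3): (4, 3, 3),
    (5, 0): (5, 0, 3),
}

VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-](.+))?$")


def parse_version(text):
    """Return (major, minor, patch, is_final). A qualifier such as -SNAPSHOT
    or -M1 marks a pre-release, which sorts below the final build."""
    m = VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, qualifier = m.groups()
    is_final = qualifier in (None, "RELEASE")
    return int(major), int(minor), int(patch), is_final


def is_patched(version):
    """True if at/after the patched release of its line, False if before,
    None if the minor line is not covered by the advisory's list."""
    major, minor, patch, is_final = parse_version(version)
    fixed = PATCHED_BY_LINE.get((major, minor))
    if fixed is None:
        return None
    return (major, minor, patch, is_final) >= fixed + (True,)


# A ".." path segment bounded by separators (or the ends of the path).
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")


def normalise_path(raw):
    # Decode twice so %252e%252e (double-encoded) is also reduced to "..",
    # then treat backslashes as separators.
    return unquote(unquote(raw)).replace("\\", "/")


def has_traversal(path):
    """True when the (decoded) request path contains a parent-directory segment."""
    return TRAVERSAL.search(normalise_path(path)) is not None


# Common Log Format: client ident user [time] "method path proto" status bytes
LOG_LINE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)'
)


def scan_access_log(lines):
    """Return (client, timestamp, path, status) for each request whose path
    contains a traversal sequence; unparseable lines are skipped."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        client, ts, _method, path, status, _size = m.groups()
        if has_traversal(path):
            hits.append((client, ts, path, int(status)))
    return hits


# Constructed sample log lines (not real traffic, not real endpoints).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2026:10:00:00 +0000] "GET /app/default HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2026:10:00:01 +0000] "GET /app/../../etc/config HTTP/1.1" 200 2048',
    '10.0.0.9 - - [01/Jan/2026:10:00:02 +0000] "GET /app/%2e%2e/%2e%2e/secrets HTTP/1.1" 404 0',
    '10.0.0.7 - - [01/Jan/2026:10:00:03 +0000] "GET /app/my..profile HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for v in ("4.2.6", "4.2.7", "3.1.13", "4.1.10-SNAPSHOT", "4.0.1"):
        print(f"{v:18} patched={is_patched(v)}")
    for client, ts, path, status in scan_access_log(SAMPLE_LOG):
        print(f"traversal attempt from {client} at {ts}: {path} -> {status}")
```

Note that a 200 response on a traversal request is the line worth escalating; a 404 shows probing but not necessarily disclosure. The check only looks at the request path, so a deployment that also accepts file names in query parameters or request bodies needs the same normalisation applied to those fields.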

Exploitation status

Public Exploit Available: false

Analyst recommendation

Security teams should immediately identify all affected Spring Cloud Config instances and apply the necessary version updates. Given the sensitivity of configuration servers, this must be treated as a high-priority task.