| ID |
CVE-2024-22263
|
| Summary |
Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api can use a crafted upload request to write arbitrary file to any location on file system, may even compromises the server. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | None |
| Impact: | |
| Exploitability: | |
|
| Access |
| Vector | Complexity | Authentication |
|
|
|
|
| Impact |
| Confidentiality | Integrity | Availability |
|
|
|
|
| Last major update |
03-07-2024 - 01:47 |
| Published |
19-06-2024 - 15:15 |
| Last modified |
03-07-2024 - 01:47 |
