Published: Aug 16, 2024 18:59
Advisory No: TZCERT-SA-24-0013
Source: Spring Cloud Data Flow
Software Affected: Spring Cloud Data Flow
Spring Cloud Data Flow is affected by a remote code execution vulnerability. Attackers can leverage the vulnerability to compromise the server.
Spring Cloud Data Flow, a microservices-based streaming platform for Cloud Foundry and Kubernetes, is affected by a vulnerability tracked as CVE-2024-37084. The vulnerability results from improper sanitization of the upload path: a malicious user with access to the Skipper server API can use a crafted upload request to write an arbitrary file to any location on the file system. An attacker can exploit the vulnerability to compromise the server by executing arbitrary code remotely.
Successful exploitation of this vulnerability may allow an attacker to take control of the affected system.
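As an added illustration of the defect class described above (this is not Spring Cloud Data Flow's or Skipper's code; the upload root and the sample file names are constructed), a weak upload-path resolution beside a hardened one that rejects any name resolving outside the upload directory:

```python
import posixpath

# Constructed upload root for this example; not a real Spring Cloud Data Flow path.
UPLOAD_ROOT = "/srv/skipper/uploads"

# Constructed sample of client-supplied names as an upload endpoint might receive them.
SAMPLE_NAMES = [
    "pkgs/app-1.0.zip",        # legitimate relative name
    "../../etc/cron.d/job",    # parent-directory traversal
    "/etc/cron.d/job",         # absolute path supplied by the client
    "pkgs/../../../tmp/x",     # traversal hidden behind a valid-looking prefix
    "",                        # empty name resolves to the root directory itself
]

def resolve_unsafe(root: str, name: str) -> str:
    """Weak resolution: the caller-supplied name is joined without any check, so
    '../' segments or an absolute path escape the intended upload directory
    (the improper-sanitization defect class the advisory describes)."""
    return posixpath.normpath(posixpath.join(root, name))

def resolve_safe(root: str, name: str) -> str:
    """Hardened resolution: normalise lexically, then require the result to lie
    strictly inside the root; reject everything else before touching the disk."""
    if not name or "\x00" in name:
        raise ValueError("empty upload name or NUL byte in upload name")
    root_n = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root_n, name))
    # commonpath() compares whole path components, so a sibling such as
    # '/srv/skipper/uploads2' cannot pass as a string-prefix match would let it.
    if posixpath.commonpath([root_n, candidate]) != root_n or candidate == root_n:
        raise ValueError(f"upload path escapes root: {name!r}")
    return candidate

def classify(names):
    """Return {name: resolved_path or None}; None marks a rejected request,
    which is the event an upload handler should log and alert on."""
    out = {}
    for n in names:
        try:
            out[n] = resolve_safe(UPLOAD_ROOT, n)
        except ValueError:
            out[n] = None
    return out

if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        print(f"{n!r:24} unsafe -> {resolve_unsafe(UPLOAD_ROOT, n)!r:32} safe -> {classify([n])[n]!r}")
```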
Spring has released a security patch for this vulnerability. Users and administrators are encouraged to apply necessary updates.
A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.