Spring Cloud Configにおいて、ディレクトリトラバーサルを可能にする複数の脆弱性

Subject: [Security Advisory] Spring Cloud Config Directory Traversal Vulnerability

Dear Team,

This is a notification regarding critical vulnerabilities found in Spring Cloud Config.

■ Overview
A critical directory traversal vulnerability exists in the spring-cloud-config-server module. An attacker could use manipulated URLs (e.g., using '../' sequences) to bypass directory restrictions and access sensitive system files, internal configurations, or credentials.

■ Affected Versions
- Spring Cloud Config: 3.1.x, 4.1.x, 4.2.x, 4.3.x, 5.0.x and older unsupported versions.

■ Remediation Steps
1. Identify all instances running the affected versions of Spring Cloud Config.
2. Update to the following patched versions immediately:
- 3.1.14, 4.1.10, 4.2.7, 4.3.3, or 5.0.3.

■ Reference
- INCIBE-2026-332

Priority: High
Deadline: Immediate