CVE-2023-20859

2023-03-2300:00:00

vmware

www.cve.org

spring vault

log file

sensitive information

AI Score

5.5

Confidence

High

EPSS

Percentile

5.1%

JSON

In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Spring Vault, Spring Cloud Vault, Spring Cloud Config",
    "versions": [
      {
        "version": "Spring Vault (3.0.0 to 3.0.1, 2.3.0 to 2.3.2), Spring Cloud Vault (4.0.0, 3.1.0 to 3.1.2 and older versions), Spring Cloud Config (4.0.0 to 4.0.1, 3.1.0 to 3.1.6 and older versions)",
        "status": "affected"
      }
    ]
  }
]

References

spring.io/security/cve-2023-20859