Lucene search

K
cvelistVmwareCVELIST:CVE-2023-20859
HistoryMar 23, 2023 - 12:00 a.m.

CVE-2023-20859

2023-03-2300:00:00
vmware
www.cve.org
10
spring vault
log file
sensitive information

AI Score

5.5

Confidence

High

EPSS

0

Percentile

13.4%

In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Spring Vault, Spring Cloud Vault, Spring Cloud Config",
    "versions": [
      {
        "version": "Spring Vault (3.0.0 to 3.0.1, 2.3.0 to 2.3.2), Spring Cloud Vault (4.0.0, 3.1.0 to 3.1.2 and older versions), Spring Cloud Config (4.0.0 to 4.0.1, 3.1.0 to 3.1.6 and older versions)",
        "status": "affected"
      }
    ]
  }
]

AI Score

5.5

Confidence

High

EPSS

0

Percentile

13.4%

Related for CVELIST:CVE-2023-20859