Lucene search
VmwareCVELIST:CVE-2023-20866HistoryApr 13, 2023 - 12:00 a.m.
CVE-2023-20866
2023-04-1300:00:00
CWE-200
vmware
www.cve.org
spring session 3.0.0
cve-2023-20866
vulnerability
headerhttpsessionidresolver
session hijacking
In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver.
CNA Affected
[
{
"vendor": "n/a",
"product": "Spring Session",
"versions": [
{
"version": "Spring session versions 3.0.x prior to 3.0.1",
"status": "affected"
}
]
}
]References
Related
prion
prion
Spoofing
2023-04-13 20:15:00
cve
cve
CVE-2023-20866
2023-04-13 20:15:08
osv
osv
Spring Session session ID can be logged to the standard output stream
2023-04-13 21:30:27
redhatcve
redhatcve
CVE-2023-20866
2023-05-04 19:21:19
nvd
nvd
CVE-2023-20866
2023-04-13 20:15:08
veracode
veracode
Information Disclosure
2023-04-18 11:50:34
github
github
Spring Session session ID can be logged to the standard output stream
2023-04-13 21:30:27
ibm
ibm