8 matches found
EUVD-2023-1091
Malicious code in bioql PyPI...
CVE-2023-20859
In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token...
Insecure Session Management
spring-vault-core is vulnerable to Insecure Session Management. The vulnerability exists because the library does not properly hide sensitive information from logs after a revocation failure, which allows an attacker to insert sensitive information into a log file when it attempts to revoke a Vau...
GHSA-R47R-87P9-8JH3 Spring Vault vulnerable to insertion of sensitive information into a log file
In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token...
Design/Logic Flaw
In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token...
Spring Vault Log Information Disclosure Vulnerability
VMware Spring Vault allows applications to transparently access confidential information stored in Vault. A security vulnerability exists in Spring Vault 3.0 series versions prior to 3.0.2, 3.0.2 series versions prior to 2.3.3, which stems from an application's tendency to insert...
Insecure Access Control
github.com/hashicorp uses insecure access controls. Improper scheduling of the batch token expiration time allows the batch token leases to outlive their TTL (time-to-live)...
Denial of service
HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Fixed in 1.4.7 and 1.5.4...