Lucene search
K

751 matches found

NVD
NVD
added 2026/05/07 4:16 a.m.10 views

CVE-2026-41004

When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterprise Support Only. Spring Cloud Config 4.1.x: affected from 4.1.0 throu...

4.4CVSS0.00168EPSS
Exploits0References1
NVD
NVD
added 2026/05/07 4:16 a.m.9 views

CVE-2026-40982

Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from...

9.1CVSS0.00727EPSS
Exploits0References4
NVD
NVD
added 2026/05/07 4:16 a.m.39 views

CVE-2026-40981

When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...

7.5CVSS0.00435EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/07 3:55 a.m.67 views

CVE-2026-40981

When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...

7.5CVSS0.00435EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/07 3:55 a.m.32 views

EUVD-2026-28245

When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...

7.5CVSS5.8AI score0.00435EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/07 3:55 a.m.5 views

CVE-2026-40981

When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...

7.5CVSS5.8AI score0.00435EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/07 3:55 a.m.7 views

CVE-2026-40981

When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...

7.5CVSS5.8AI score0.00435EPSS
Exploits0References1
CVE
CVE
added 2026/05/07 3:55 a.m.24 views

CVE-2026-40981

CVE-2026-40981 : In Spring Cloud Config Server using Google Secrets Manager as a backend, a crafted request can expose secrets from unintended GCP projects. Affected versions and upgrades: 3.1.x: 3.1.0–3.1.13 → upgrade to 3.1.14+ 4.1.x: 4.1.0–4.1.9 → upgrade to 4.1.10+ 4.2.x: 4.2.0–4.2.6 → upgrad...

7.5CVSS5.8AI score0.00435EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/07 3:53 a.m.6 views

CVE-2026-41002

The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterpris...

7.2CVSS5.8AI score0.0022EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/07 3:53 a.m.27 views

EUVD-2026-28248

The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterpris...

7.2CVSS5.8AI score0.0022EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/07 3:53 a.m.56 views

CVE-2026-41002

The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterpris...

7.2CVSS0.0022EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/07 3:51 a.m.8 views

EUVD-2026-28250

When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterprise Support Only. Spring Cloud Config 4.1.x: affected from 4.1.0 throu...

4.4CVSS5.8AI score0.00168EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/07 3:51 a.m.40 views

CVE-2026-41004

When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterprise Support Only. Spring Cloud Config 4.1.x: affected from 4.1.0 throu...

4.4CVSS0.00168EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/07 3:51 a.m.6 views

CVE-2026-41004

When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterprise Support Only. Spring Cloud Config 4.1.x: affected from 4.1.0 throu...

4.4CVSS5.8AI score0.00168EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/07 3:51 a.m.7 views

CVE-2026-41004

When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterprise Support Only. Spring Cloud Config 4.1.x: affected from 4.1.0 throu...

4.4CVSS5.8AI score0.00168EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/07 3:51 a.m.23 views

CVE-2026-41004

The CVE-2026-41004 affects Spring Cloud Config Server when trace logging is enabled, exposing sensitive information in plain text in logs. All affected branches and versions include: Spring Cloud Config 3.1.x (3.1.0–3.1.13) with upgrade to 3.1.14+; 4.1.x (4.1.0–4.1.9) upgrade to 4.1.10+; 4.2.x (4...

4.4CVSS5.8AI score0.00168EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/07 3:49 a.m.39 views

CVE-2026-40982

Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from...

9.1CVSS0.00727EPSS
Exploits0References1
CVE
CVE
added 2026/05/07 3:49 a.m.27 views

CVE-2026-40982

Spring Cloud Config server (spring-cloud-config-server) is vulnerable to a directory-traversal issue that allows serving arbitrary text and binary files via crafted URLs. Affected versions: Spring Cloud Config 3.1.x (3.1.0–3.1.13); upgrade to 3.1.14+. 4.1.x (4.1.0–4.1.9); upgrade to 4.1.10+. 4.2....

9.1CVSS5.9AI score0.00727EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/07 3:49 a.m.10 views

EUVD-2026-28246

Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from...

9.1CVSS5.9AI score0.00727EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/07 3:49 a.m.5 views

CVE-2026-40982

Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from...

9.1CVSS5.9AI score0.00727EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder