3 matches found

Veracode
added 2023/03/27 2:28 a.m., 233 views

Insecure Session Management

spring-vault-core is vulnerable to Insecure Session Management. The vulnerability exists because the library does not properly hide sensitive information from logs after a revocation failure, which allows an attacker to insert sensitive information into a log file when it attempts to revoke a Vau...

CVSS 5.5, AI score 5.2, EPSS 0.00107
Exploits 0, References 5, Affected Software 1
vulnersOsv
added 2023/03/23 9:30 p.m., 4 views

org.apache.camel.quarkus:camel-quarkus-hashicorp-vault (=3.0.0-M1), org.apache.camel.quarkus:camel-quarkus-hashicorp-vault-deployment (=3.0.0-M1) +11 more potentially affected by CVE-2023-20859 via org.springframework.vault:spring-vault-core (=3.0.0)

org.springframework.vault:spring-vault-core MAVEN version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.vault:spring-vault-core and may be impacted: - org.apache.camel.quarkus:camel-quarkus-hashicorp-vault =3.0.0-M1 -...

CVSS 5.5, AI score 6.4, EPSS 0.00107
Exploits 0
vulnersOsv
added 2023/03/23 9:30 p.m., 2 views

com.bpfaas:bps-config-server-spring-cloud-starter (>=0.0.1-RELEASE <=3.2.2), com.github.paulcwarren:spring-content-encryption (>=2.7.0 <=2.9.0) +138 more potentially affected by CVE-2023-20859 via org.springframework.vault:spring-vault-core (>=1.0.0.RELEASE <=2.3.2)

org.springframework.vault:spring-vault-core MAVEN version =1.0.0.RELEASE, =0.0.1-RELEASE, =2.7.0, =0.8, =0.8, =0.8, =0.8, =2.4.0, =0.9.1, =0.9.12, =0.10.2, =1.1.6, =1.2.16 and more Source cves: CVE-2023-20859 Source advisory: OSV:GHSA-R47R-87P9-8JH3...

CVSS 5.5, AI score 6.4, EPSS 0.00107
Exploits 0