Lucene search
Veracode Vulnerability DatabaseVERACODE:39958HistoryMar 27, 2023 - 2:28 a.m.
Insecure Session Management
2023-03-2702:28:03
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
225
spring-vault-core
insecure session management
sensitive information exposure
logs
vault batch token
EPSS
0
Percentile
5.1%
spring-vault-core is vulnerable to Insecure Session Management. The vulnerability exists because the library does not properly hide sensitive information from logs after a revocation failure, which allows an attacker to insert sensitive information into a log file when it attempts to revoke a Vault batch token.
References
Related
github
github
osv
osv
CVE-2023-20859
2023-03-23 21:15:19
cvelist
cvelist
CVE-2023-20859
2023-03-23 00:00:00
prion
prion
Design/Logic Flaw
2023-03-23 21:15:00
nvd
nvd
CVE-2023-20859
2023-03-23 21:15:19
cve
cve
CVE-2023-20859
2023-03-23 21:15:19
