CVE-2023-20859

State: PUBLISHED · Published: 2023-03-23 · Updated: 2025-02-25 · Assigner: vmware

Description

In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.

CWE

(none)

Affected

n/a / Spring Vault, Spring Cloud Vault, Spring Cloud Config — v=Spring Vault (3.0.0 to 3.0.1, 2.3.0 to 2.3.2), Spring Cloud Vault (4.0.0, 3.1.0 to 3.1.2 and older versions), Spring Cloud Config (4.0.0 to 4.0.1, 3.1.0 to 3.1.6 and older versions) [affected]

CVSS

(none)

References

https://spring.io/security/cve-2023-20859

Source

cvelistV5-main/cves/2023/20xxx/CVE-2023-20859.json