CVE-2023-20859
published 2023-03-23CVE-2023-20859: In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive…
medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | spring_cloud_config | 3.1.0 – 3.1.6 | — |
| vmware | spring_cloud_config | 4.0.0 – 4.0.1 | — |
| vmware | spring_cloud_vault | — | — |
| vmware | spring_cloud_vault | 3.1.0 – 3.1.2 | — |
| vmware | spring_vault | >= 2.3.0 < 2.3.3 | 2.3.3 |
| vmware | spring_vault | >= 3.0.0 < 3.0.2 | 3.0.2 |