CVE-2023-20859

In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.
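
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 5.5 MEDIUM | LOCAL | LOW | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| vmware | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
| CISA-ADP | ADP | --- | | | | --- |
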
EPSS Score percentile: 20%

| Vendor | Product | Version |
|---|---|---|
| vmware | spring_cloud_config | 3.1.0 ≤ 𝑥 ≤ 3.1.6 |
| vmware | spring_cloud_config | 4.0.0 ≤ 𝑥 ≤ 4.0.1 |
| vmware | spring_cloud_vault | 3.1.0 ≤ 𝑥 ≤ 3.1.2 |
| vmware | spring_cloud_vault | 4.0.0 |
| vmware | spring_vault | 2.3.0 ≤ 𝑥 < 2.3.3 |
| vmware | spring_vault | 3.0.0 ≤ 𝑥 < 3.0.2 |

𝑥 = Vulnerable software versions