VMware Spring Cloud Config
Recent VMware Spring Cloud Config Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 2025-04-07 | CVE-2025-22232 - Medium - CVE-2025-22232: Spring Cloud Config Server May Not Use Vault Token Sent By Clients | April 7, 2025 |
By the Year
In 2026 there have been 0 vulnerabilities in VMware Spring Cloud Config. Spring Cloud Config did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 5.50 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 2 | 7.00 |
| 2019 | 1 | 6.50 |
It may take a day or so for new Spring Cloud Config vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent VMware Spring Cloud Config Security Vulnerabilities
Spring Vault <=3.0.2/2.3.3 Log Injection on batch token revocation (CVE-2023-20859)
CVE-2023-20859
5.5 - Medium
- March 23, 2023
In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.
Insertion of Sensitive Information into Log File
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions
CVE-2020-5410
7.5 - High
- June 02, 2020
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
Relative Path Traversal
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions
CVE-2020-5405
6.5 - Medium
- March 05, 2020
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
Directory traversal
Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions
CVE-2019-3799
6.5 - Medium
- May 06, 2019
Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
Directory traversal