Spring Vault <=3.0.2/2.3.3 Log Injection on batch token revocation (CVE-2023-20859)
CVE-2023-20859 Published on March 23, 2023
In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.
Exploit Probability
EPSS: 0.08%
Percentile: 23.14%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.