In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.
2023-03-23T21:15:19.680
2024-11-21T07:41:42.577
Modified
CVSSv3.1: 5.5 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | vmware | spring_cloud_config | ≤ 3.1.6 | Yes |
| Application | vmware | spring_cloud_config | ≤ 4.0.1 | Yes |
| Application | vmware | spring_cloud_vault | ≤ 3.1.2 | Yes |
| Application | vmware | spring_cloud_vault | 4.0.0 | Yes |
| Application | vmware | spring_vault | < 2.3.3 | Yes |
| Application | vmware | spring_vault | < 3.0.2 | Yes |