CVE-2023-20859 — MEDIUM (5.5)

Q: How severe is CVE-2023-20859?

CVE-2023-20859 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-20859?

Check the references section above for vendor advisories and patch information. Affected products include: Vmware Spring Cloud Config, Vmware Spring Cloud Vault, Vmware Spring Vault.

Vulnerability Description

In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Vmware	Spring Cloud Config	>= 3.1.0, <= 3.1.6
Vmware	Spring Cloud Vault	>= 3.1.0, <= 3.1.2
Vmware	Spring Vault	>= 2.3.0, < 2.3.3

Related Weaknesses (CWE)

CWE-532

References

https://spring.io/security/cve-2023-20859Vendor Advisory
https://spring.io/security/cve-2023-20859Vendor Advisory

FAQ

What is CVE-2023-20859?

CVE-2023-20859 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts...

How severe is CVE-2023-20859?

CVE-2023-20859 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-20859?

Check the references section above for vendor advisories and patch information. Affected products include: Vmware Spring Cloud Config, Vmware Spring Cloud Vault, Vmware Spring Vault.