Moderate severity · NVD Advisory · Published Mar 23, 2023 · Updated Feb 25, 2025
CVE-2023-20859
Description
In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.springframework.vault:spring-vault-core (Maven) | >= 3.0.0, < 3.0.2 | 3.0.2 |
| org.springframework.vault:spring-vault-core (Maven) | < 2.3.3 | 2.3.3 |
Affected products
- Spring/Vault
References
- github.com/advisories/GHSA-r47r-87p9-8jh3 (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2023-20859 (GHSA, advisory)
- spring.io/security/cve-2023-20859 (GHSA, web)