Strix
26.1K

CVE-2023-20859

MEDIUMCVSS 5.5/10EPSS 0.22%

Last modified

CVE-2023-20859 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.. EPSS estimates a 0.22% chance of exploitation in the next 30 days.

Description

In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.

Metrics

CVSS 3.1
5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Probability
0.22%

12.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
VmwareSpring Cloud Config>= 3.1.0, <= 3.1.6
VmwareSpring Cloud Config>= 4.0.0, <= 4.0.1
VmwareSpring Cloud Vault>= 3.1.0, <= 3.1.2
VmwareSpring Cloud Vault4.0.0
VmwareSpring Vault>= 2.3.0, < 2.3.3
VmwareSpring Vault>= 3.0.0, < 3.0.2

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-20859?
In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.
How severe is CVE-2023-20859?
CVE-2023-20859 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 0.22% probability of exploitation in the next 30 days.
How do I fix CVE-2023-20859?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-20859?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST