{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-20859", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "dateUpdated": "2025-02-25T15:40:28.087Z", "dateReserved": "2022-11-01T00:00:00.000Z", "datePublished": "2023-03-23T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2023-03-23T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token."}], "affected": [{"vendor": "n/a", "product": "Spring Vault, Spring Cloud Vault, Spring Cloud Config", "versions": [{"version": "Spring Vault (3.0.0 to 3.0.1, 2.3.0 to 2.3.2), Spring Cloud Vault (4.0.0, 3.1.0 to 3.1.2 and older versions), Spring Cloud Config (4.0.0 to 4.0.1, 3.1.0 to 3.1.6 and older versions)", "status": "affected"}]}], "references": [{"url": "https://spring.io/security/cve-2023-20859"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Information disclosure vulnerability"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T09:21:32.442Z"}, "title": "CVE Program Container", "references": [{"url": "https://spring.io/security/cve-2023-20859", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-25T15:40:11.169973Z", "id": "CVE-2023-20859", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-25T15:40:28.087Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://spring.io/security/cve-2023-20859", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T09:21:32.442Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-20859", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-25T15:40:11.169973Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-25T15:40:20.665Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "Spring Vault, Spring Cloud Vault, Spring Cloud Config", "versions": [{"status": "affected", "version": "Spring Vault (3.0.0 to 3.0.1, 2.3.0 to 2.3.2), Spring Cloud Vault (4.0.0, 3.1.0 to 3.1.2 and older versions), Spring Cloud Config (4.0.0 to 4.0.1, 3.1.0 to 3.1.6 and older versions)"}]}], "references": [{"url": "https://spring.io/security/cve-2023-20859"}], "descriptions": [{"lang": "en", "value": "In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Information disclosure vulnerability"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2023-03-23T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2023-20859", "state": "PUBLISHED", "dateUpdated": "2025-02-25T15:40:28.087Z", "dateReserved": "2022-11-01T00:00:00.000Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2023-03-23T00:00:00.000Z", "assignerShortName": "vmware"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:spring_cloud_config:*:*:*:*:*:*:*:*", "matchCriteriaId": "27E7C265-DE73-4FE5-BAE9-D6FD0B838B90", "versionEndIncluding": "3.1.6", "versionStartIncluding": "3.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:spring_cloud_config:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A42F633-1074-46A8-AB65-DF694B34F650", "versionEndIncluding": "4.0.1", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:spring_cloud_vault:*:*:*:*:*:*:*:*", "matchCriteriaId": "B545C7F6-40FB-4010-9146-1ED3FB861E79", "versionEndIncluding": "3.1.2", "versionStartIncluding": "3.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:spring_cloud_vault:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDBE7574-C6A7-4EE3-B7BE-5D867E1034BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:spring_vault:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2216E96-8849-4F10-BB79-24BB6B5A1F15", "versionEndExcluding": "2.3.3", "versionStartIncluding": "2.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:spring_vault:*:*:*:*:*:*:*:*", "matchCriteriaId": "87C49F06-1DF2-4BA5-89E4-1FD4ED9086FF", "versionEndExcluding": "3.0.2", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token."}], "id": "CVE-2023-20859", "lastModified": "2024-11-21T07:41:42.577", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-23T21:15:19.680", "references": [{"source": "security@vmware.com", "tags": ["Vendor Advisory"], "url": "https://spring.io/security/cve-2023-20859"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://spring.io/security/cve-2023-20859"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}