CVE-2023-20859: Spring Vault vulnerable to insertion of sensitive information into a log file

March 23, 2023

In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.

References

github.com/advisories/GHSA-r47r-87p9-8jh3
nvd.nist.gov/vuln/detail/CVE-2023-20859
spring.io/security/cve-2023-20859

Code Behaviors & Features

Detect and mitigate CVE-2023-20859 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →