Описание
Spring Vault vulnerable to insertion of sensitive information into a log file
In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.
Пакеты
Наименование
org.springframework.vault:spring-vault-core
maven
Затронутые версииВерсия исправления
>= 3.0.0, < 3.0.2
3.0.2
Наименование
org.springframework.vault:spring-vault-core
maven
Затронутые версииВерсия исправления
< 2.3.3
2.3.3
Связанные уязвимости
CVSS3: 5.5
nvd
почти 3 года назад
In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.