In Spring Vault versions 3.0.x prior to 3.0.2, versions 2.3.x prior to 2.3.3, and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.springframework.vault:spring-vault-core (Maven) | 3.0.0 | 3.0.2 | N/A |
| org.springframework.vault:spring-vault-core (Maven) | 0 | 2.3.3 | N/A |

CVSS Metrics