Spring · Spring Vault · CVE-2023-20859
**Name of the Vulnerable Software and Affected Versions**
Spring Vault versions 2.3.x prior to 2.3.3
Spring Vault versions 3.0.x prior to 3.0.2
**Description**
The application is vulnerable to the insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.
**Recommendations**
For versions 2.3.x prior to 2.3.3, update to version 2.3.3 or later.
For versions 3.0.x prior to 3.0.2, update to version 3.0.2 or later.
As a temporary workaround, consider restricting access to the log files to minimize the risk of sensitive information exposure.