cvelistv5 - CVE-2023-20866

CVE-2023-20866 (GCVE-0-2023-20866)

Vulnerability from cvelistv5 – Published: 2023-04-13 00:00 – Updated: 2025-02-07 16:41

Summary

In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Assigner

vmware

References

URL

Tags

https://spring.io/security/cve-2023-20866

Impacted products

	Vendor	Product	Version
	n/a	Spring Session	Affected: Spring session versions 3.0.x prior to 3.0.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:21:32.350Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://spring.io/security/cve-2023-20866"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-20866",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-07T16:40:50.101115Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-07T16:41:34.511Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Session",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Spring session versions 3.0.x prior to 3.0.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200-Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-13T00:00:00.000Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://spring.io/security/cve-2023-20866"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2023-20866",
    "datePublished": "2023-04-13T00:00:00.000Z",
    "dateReserved": "2022-11-01T00:00:00.000Z",
    "dateUpdated": "2025-02-07T16:41:34.511Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_session:3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1779D321-04BD-4FAA-A743-35D9DE97CC75\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver.\"}]",
      "id": "CVE-2023-20866",
      "lastModified": "2024-11-21T07:41:43.330",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}]}",
      "published": "2023-04-13T20:15:08.263",
      "references": "[{\"url\": \"https://spring.io/security/cve-2023-20866\", \"source\": \"security@vmware.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://spring.io/security/cve-2023-20866\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@vmware.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@vmware.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-20866\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2023-04-13T20:15:08.263\",\"lastModified\":\"2025-02-07T17:15:24.140\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_session:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1779D321-04BD-4FAA-A743-35D9DE97CC75\"}]}]}],\"references\":[{\"url\":\"https://spring.io/security/cve-2023-20866\",\"source\":\"security@vmware.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://spring.io/security/cve-2023-20866\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"providerMetadata\": {\"orgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"shortName\": \"vmware\", \"dateUpdated\": \"2023-04-13T00:00:00.000Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver.\"}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"Spring Session\", \"versions\": [{\"version\": \"Spring session versions 3.0.x prior to 3.0.1\", \"status\": \"affected\"}]}], \"references\": [{\"url\": \"https://spring.io/security/cve-2023-20866\"}], \"problemTypes\": [{\"descriptions\": [{\"type\": \"CWE\", \"lang\": \"en\", \"description\": \"CWE-200-Exposure of Sensitive Information to an Unauthorized Actor\", \"cweId\": \"CWE-200\"}]}]}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T09:21:32.350Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://spring.io/security/cve-2023-20866\", \"tags\": [\"x_transferred\"]}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-20866\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-07T16:40:50.101115Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-07T16:41:29.060Z\"}}]}",
      "cveMetadata": "{\"state\": \"PUBLISHED\", \"cveId\": \"CVE-2023-20866\", \"assignerOrgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"assignerShortName\": \"vmware\", \"dateUpdated\": \"2025-02-07T16:41:34.511Z\", \"dateReserved\": \"2022-11-01T00:00:00.000Z\", \"datePublished\": \"2023-04-13T00:00:00.000Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2023-20866

Vulnerability from fkie_nvd - Published: 2023-04-13 20:15 - Updated: 2025-02-07 17:15

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	security@vmware.com	https://spring.io/security/cve-2023-20866	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://spring.io/security/cve-2023-20866	Vendor Advisory

Impacted products

	Vendor	Product	Version
	vmware	spring_session	3.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:spring_session:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1779D321-04BD-4FAA-A743-35D9DE97CC75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver."
    }
  ],
  "id": "CVE-2023-20866",
  "lastModified": "2025-02-07T17:15:24.140",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-04-13T20:15:08.263",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://spring.io/security/cve-2023-20866"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://spring.io/security/cve-2023-20866"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "security@vmware.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CERTFR-2023-AVI-0398

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits VMware Spring. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Spring	N/A	Spring Boot versions 2.6.x antérieures à 2.6.15
Spring	N/A	Spring Security versions 6.0.x antérieures à 6.0.3
Spring	N/A	Spring Security versions 5.7.x antérieures à 5.7.8
Spring	N/A	Cadriciel Spring versions 5.3.x antérieures à 5.3.26
Spring	N/A	Spring Boot versions 2.7.x antérieures à 2.7.11
Spring	N/A	Spring Session versions 3.0.x antérieures à 3.0.1
Spring	N/A	Spring Boot toutes versions antérieures à 2.5.15
Spring	N/A	Cadriciel Spring versions 6.x antérieures à 6.0.7
Spring	N/A	Spring Security versions 5.8.x antérieures à 5.8.3
Spring	N/A	Spring Boot versions 3.0.x antérieures à 3.0.6

References

Title

Publication Time

Tags

Bulletin de sécurité Spring cve-2023-20862 du 17 avril 2023	None	vendor-advisory
Bulletin de sécurité Spring cve-2023-20873 du 18 mai 2023	None	vendor-advisory
Bulletin de sécurité Spring cve-2023-20883 du 18 mai 2023	None	vendor-advisory
Bulletin de sécurité Spring cve-2023-20866 du 12 avril 2023	None	vendor-advisory
Bulletin de sécurité Spring cve-2023-20860 du 20 mars 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Spring Boot versions 2.6.x ant\u00e9rieures \u00e0 2.6.15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Spring",
          "scada": false
        }
      }
    },
    {
      "description": "Spring Security versions 6.0.x ant\u00e9rieures \u00e0 6.0.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Spring",
          "scada": false
        }
      }
    },
    {
      "description": "Spring Security versions 5.7.x ant\u00e9rieures \u00e0 5.7.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Spring",
          "scada": false
        }
      }
    },
    {
      "description": "Cadriciel Spring versions 5.3.x ant\u00e9rieures \u00e0 5.3.26",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Spring",
          "scada": false
        }
      }
    },
    {
      "description": "Spring Boot versions 2.7.x ant\u00e9rieures \u00e0 2.7.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Spring",
          "scada": false
        }
      }
    },
    {
      "description": "Spring Session versions 3.0.x ant\u00e9rieures \u00e0 3.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Spring",
          "scada": false
        }
      }
    },
    {
      "description": "Spring Boot toutes versions ant\u00e9rieures \u00e0 2.5.15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Spring",
          "scada": false
        }
      }
    },
    {
      "description": "Cadriciel Spring versions 6.x ant\u00e9rieures \u00e0 6.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Spring",
          "scada": false
        }
      }
    },
    {
      "description": "Spring Security versions 5.8.x ant\u00e9rieures \u00e0 5.8.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Spring",
          "scada": false
        }
      }
    },
    {
      "description": "Spring Boot versions 3.0.x ant\u00e9rieures \u00e0 3.0.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Spring",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-20862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20862"
    },
    {
      "name": "CVE-2023-20873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20873"
    },
    {
      "name": "CVE-2023-20860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20860"
    },
    {
      "name": "CVE-2023-20866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20866"
    },
    {
      "name": "CVE-2023-20883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20883"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0398",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-05-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware\nSpring. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le cadriciel VMware Spring",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2023-20862 du 17 avril 2023",
      "url": "https://spring.io/security/cve-2023-20862/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2023-20873 du 18 mai 2023",
      "url": "https://spring.io/security/cve-2023-20873/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2023-20883 du 18 mai 2023",
      "url": "https://spring.io/security/cve-2023-20883/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2023-20866 du 12 avril 2023",
      "url": "https://spring.io/security/cve-2023-20866/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2023-20860 du 20 mars 2023",
      "url": "https://spring.io/security/cve-2023-20860/"
    }
  ]
}

CERTFR-2023-AVI-0398

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Spring	N/A	Spring Boot versions 2.6.x antérieures à 2.6.15
Spring	N/A	Spring Security versions 6.0.x antérieures à 6.0.3
Spring	N/A	Spring Security versions 5.7.x antérieures à 5.7.8
Spring	N/A	Cadriciel Spring versions 5.3.x antérieures à 5.3.26
Spring	N/A	Spring Boot versions 2.7.x antérieures à 2.7.11
Spring	N/A	Spring Session versions 3.0.x antérieures à 3.0.1
Spring	N/A	Spring Boot toutes versions antérieures à 2.5.15
Spring	N/A	Cadriciel Spring versions 6.x antérieures à 6.0.7
Spring	N/A	Spring Security versions 5.8.x antérieures à 5.8.3
Spring	N/A	Spring Boot versions 3.0.x antérieures à 3.0.6

References

Title

Publication Time

Tags

Bulletin de sécurité Spring cve-2023-20862 du 17 avril 2023	None	vendor-advisory
Bulletin de sécurité Spring cve-2023-20873 du 18 mai 2023	None	vendor-advisory
Bulletin de sécurité Spring cve-2023-20883 du 18 mai 2023	None	vendor-advisory
Bulletin de sécurité Spring cve-2023-20866 du 12 avril 2023	None	vendor-advisory
Bulletin de sécurité Spring cve-2023-20860 du 20 mars 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Spring Boot versions 2.6.x ant\u00e9rieures \u00e0 2.6.15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Spring",
          "scada": false
        }
      }
    },
    {
      "description": "Spring Security versions 6.0.x ant\u00e9rieures \u00e0 6.0.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Spring",
          "scada": false
        }
      }
    },
    {
      "description": "Spring Security versions 5.7.x ant\u00e9rieures \u00e0 5.7.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Spring",
          "scada": false
        }
      }
    },
    {
      "description": "Cadriciel Spring versions 5.3.x ant\u00e9rieures \u00e0 5.3.26",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Spring",
          "scada": false
        }
      }
    },
    {
      "description": "Spring Boot versions 2.7.x ant\u00e9rieures \u00e0 2.7.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Spring",
          "scada": false
        }
      }
    },
    {
      "description": "Spring Session versions 3.0.x ant\u00e9rieures \u00e0 3.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Spring",
          "scada": false
        }
      }
    },
    {
      "description": "Spring Boot toutes versions ant\u00e9rieures \u00e0 2.5.15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Spring",
          "scada": false
        }
      }
    },
    {
      "description": "Cadriciel Spring versions 6.x ant\u00e9rieures \u00e0 6.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Spring",
          "scada": false
        }
      }
    },
    {
      "description": "Spring Security versions 5.8.x ant\u00e9rieures \u00e0 5.8.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Spring",
          "scada": false
        }
      }
    },
    {
      "description": "Spring Boot versions 3.0.x ant\u00e9rieures \u00e0 3.0.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Spring",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-20862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20862"
    },
    {
      "name": "CVE-2023-20873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20873"
    },
    {
      "name": "CVE-2023-20860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20860"
    },
    {
      "name": "CVE-2023-20866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20866"
    },
    {
      "name": "CVE-2023-20883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20883"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0398",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-05-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware\nSpring. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le cadriciel VMware Spring",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2023-20862 du 17 avril 2023",
      "url": "https://spring.io/security/cve-2023-20862/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2023-20873 du 18 mai 2023",
      "url": "https://spring.io/security/cve-2023-20873/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2023-20883 du 18 mai 2023",
      "url": "https://spring.io/security/cve-2023-20883/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2023-20866 du 12 avril 2023",
      "url": "https://spring.io/security/cve-2023-20866/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2023-20860 du 20 mars 2023",
      "url": "https://spring.io/security/cve-2023-20860/"
    }
  ]
}

GHSA-R7QR-F43M-PXFR

Vulnerability from github – Published: 2023-04-13 21:30 – Updated: 2023-04-22 00:06

Summary

Spring Session session ID can be logged to the standard output stream

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.session:spring-session-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "3.0.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2023-20866"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-04-17T17:14:40Z",
    "nvd_published_at": "2023-04-13T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver.",
  "id": "GHSA-r7qr-f43m-pxfr",
  "modified": "2023-04-22T00:06:38Z",
  "published": "2023-04-13T21:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20866"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-session/issues/2215"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-session/commit/c98a7be0e2ced7f795018f05397dca4bd5ca8212"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/spring-projects/spring-session"
    },
    {
      "type": "WEB",
      "url": "https://spring.io/security/cve-2023-20866"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Spring Session session ID can be logged to the standard output stream"
}

GSD-2023-20866

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-20866

Aliases

CVE-2023-20866

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-20866",
    "id": "GSD-2023-20866"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-20866"
      ],
      "details": "In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver.",
      "id": "GSD-2023-20866",
      "modified": "2023-12-13T01:20:28.353585Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@vmware.com",
        "ID": "CVE-2023-20866",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Spring Session",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Spring session versions 3.0.x prior to 3.0.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-200-Exposure of Sensitive Information to an Unauthorized Actor"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://spring.io/security/cve-2023-20866",
            "refsource": "MISC",
            "url": "https://spring.io/security/cve-2023-20866"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[3.0.0]",
          "affected_versions": "Version 3.0.0",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2023-04-17",
          "description": "In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver.",
          "fixed_versions": [
            "3.0.1"
          ],
          "identifier": "CVE-2023-20866",
          "identifiers": [
            "GHSA-r7qr-f43m-pxfr",
            "CVE-2023-20866"
          ],
          "not_impacted": "All versions before 3.0.0, all versions after 3.0.0",
          "package_slug": "maven/org.springframework.session/spring-session-core",
          "pubdate": "2023-04-13",
          "solution": "Upgrade to version 3.0.1 or above.",
          "title": "Spring Session session ID can be logged to the standard output stream",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2023-20866",
            "https://spring.io/security/cve-2023-20866",
            "https://github.com/spring-projects/spring-session/issues/2215",
            "https://github.com/spring-projects/spring-session/commit/c98a7be0e2ced7f795018f05397dca4bd5ca8212",
            "https://github.com/advisories/GHSA-r7qr-f43m-pxfr"
          ],
          "uuid": "a384afe7-3af8-475b-89af-3473f712b4b2"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_session:3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2023-20866"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://spring.io/security/cve-2023-20866",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://spring.io/security/cve-2023-20866"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-04-21T18:51Z",
      "publishedDate": "2023-04-13T20:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-20866 (GCVE-0-2023-20866)

FKIE_CVE-2023-20866

CERTFR-2023-AVI-0398

Solution

CERTFR-2023-AVI-0398

Solution

GHSA-R7QR-F43M-PXFR

GSD-2023-20866

Tags

Sightings

Nomenclature