CVE-2023-20866
PUBLISHED
CVSS 6.5 MEDIUM
Spring Session session ID can be logged to the standard output stream
EPSS 0.71% · 72.8th percentile
Risk Scores
- CVSS 3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
- EPSS Score: 0.71% (72.8th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| vmware | spring_session | 3.0.0 |
| Maven | org.springframework.session:spring-session-core | 3.0.0 |
| n/a | Spring Session | Spring session versions 3.0.x prior to 3.0.1 |
Timeline
- Apr 13, 2023 CVE Published
- Apr 15, 2023 EPSS Score
- Apr 17, 2023 CVE Updated
- May 23, 2023 EPSS Score
- Jun 29, 2023 EPSS Score
- Aug 6, 2023 EPSS Score
- Sep 12, 2023 EPSS Score
- Oct 20, 2023 EPSS Score
- Nov 27, 2023 EPSS Score
- Jan 3, 2024 EPSS Score
- Feb 10, 2024 EPSS Score
- Mar 19, 2024 EPSS Score
References
- https://spring.io/security/cve-2023-20862/ advisory
- https://spring.io/security/cve-2023-20873/ advisory
- https://spring.io/security/cve-2023-20883/ advisory
- https://spring.io/security/cve-2023-20866/ advisory
- https://spring.io/security/cve-2023-20860/ advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-20866 advisory
- https://github.com/spring-projects/spring-session/issues/2215 url
- https://github.com/spring-projects/spring-session/commit/c98a7be0e2ced7f795018f05397dca4bd5ca8212 url
- https://github.com/spring-projects/spring-session package