Vulnerabilities > CVE-2023-20866 - Unspecified vulnerability in VMWare Spring Session 3.0.0

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

vmware

NVD

Published: 2023-04-13

Updated: 2023-04-21

Summary

In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Spring Session 3.0.0	1

References

https://spring.io/security/cve-2023-20866