Spring Cloud Config Server Trace Logging Vulnerability Exposing Sensitive Information

Vulnerability

A vulnerability exists in Spring Cloud Config Server that causes sensitive information to be written to the log in plain text when trace logging is enabled. The issue affects multiple versions of Spring Cloud Config, including the 3.1.x, 4.1.x, 4.2.x, 4.3.x, and 5.0.x lines. It arises from improper handling of sensitive data in the logging path, so that confidential values which should never reach the log are emitted at trace level.

Impact

Sensitive information can end up in log output, where it is readable by anyone with access to the logs, including unauthorized individuals or entities.

Remediation

Users should upgrade to the fixed release of the Spring Cloud Config line they run: 3.1.x to 3.1.14, 4.1.x to 4.1.10, 4.2.x to 4.2.7, 4.3.x to 4.3.3, and 5.0.x to 5.0.3. Until the upgrade is applied, trace logging should not be enabled on the Config Server, since the exposure only occurs at that log level.
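The version check below is an added example for turning the fix list above into a dependency-report filter; it is not code from the advisory or from the Spring Cloud project. It assumes every release below a branch's fix version is affected, that a qualified build at the fix version (such as a SNAPSHOT or RC) precedes the GA release and is still affected, and that branches the advisory does not list are reported as unknown rather than guessed at.

```python
import re

# Fix version per affected minor branch, taken from the advisory text.
FIXED_VERSIONS = {
    (3, 1): (3, 1, 14),
    (4, 1): (4, 1, 10),
    (4, 2): (4, 2, 7),
    (4, 3): (4, 3, 3),
    (5, 0): (5, 0, 3),
}
# major.minor.patch plus an optional Maven-style qualifier (-SNAPSHOT, .RELEASE, -RC1).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-](.+))?$")


def parse_version(version: str):
    """Return ((major, minor, patch), qualifier); raise ValueError if unparseable."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, qualifier = m.groups()
    return (int(major), int(minor), int(patch)), qualifier


def assess(version: str) -> dict:
    """Classify one version as 'affected', 'fixed' or 'unknown' (branch not listed).

    Assumptions beyond the advisory: every release below the branch's fix version
    is affected, a qualified build at the fix version (4.2.7-SNAPSHOT, 4.2.7-RC1)
    precedes GA and is still affected, and unlisted branches are not guessed at.
    """
    nums, qualifier = parse_version(version)
    fixed = FIXED_VERSIONS.get(nums[:2])
    if fixed is None:
        return {"version": version, "status": "unknown", "upgrade_to": None}
    # ".RELEASE" is a GA qualifier; anything else (SNAPSHOT, M1, RC1) precedes GA.
    pre_release = qualifier is not None and qualifier.upper() != "RELEASE"
    if nums < fixed or (nums == fixed and pre_release):
        return {"version": version, "status": "affected",
                "upgrade_to": ".".join(map(str, fixed))}
    return {"version": version, "status": "fixed", "upgrade_to": None}


def affected_dependencies(deps: dict) -> dict:
    """Filter an {artifact: version} report down to the entries needing an upgrade."""
    results = {name: assess(ver) for name, ver in deps.items()}
    return {name: r for name, r in results.items() if r["status"] == "affected"}

# Constructed sample of a dependency report (not real project data).
SAMPLE_REPORT = {"svc-a": "4.2.6", "svc-b": "4.3.3", "svc-c": "3.1.14",
                 "svc-d": "4.2.7-SNAPSHOT", "svc-e": "4.0.4"}
```

Entries reported as unknown belong to branches the advisory does not name and need a manual check against the vendor's release notes rather than an automatic pass.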

Added: May 7, 2026, 4:41 AM
Updated: May 7, 2026, 4:41 AM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 2.5
exploitability: 3.5
remediation: 7.7
relevance: 7.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.