ghsa-qpfh-2wpm-c362
Vulnerability from github
Published
2025-04-10 18:32
Modified
2025-04-10 18:32
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details

Spring Cloud Config Server may not use Vault token sent by clients using a X-CONFIG-TOKEN header when making requests to Vault. Your application may be affected by this if the following are true: * You have Spring Vault on the classpath of your Spring Cloud Config Server and * You are using the X-CONFIG-TOKEN header to send a Vault token to the Spring Cloud Config Server for the Config Server to use when making requests to Vault and * You are using the default Spring Vault SessionManager implementation LifecycleAwareSessionManager or a SessionManager implementation that persists the Vault token such as SimpleSessionManager.

In this case the SessionManager persists the first token it retrieves and will continue to use that token even if client requests to the Spring Cloud Config Server include a X-CONFIG-TOKEN header with a different value. Affected Spring Products and Versions Spring Cloud Config: * 2.2.1.RELEASE - 4.2.1

Mitigation Users of affected versions should upgrade to the corresponding fixed version.

Affected version(s)Fix versionAvailability4.2.x4.2.2OSS4.1.x4.1.6OSS4.0.x4.0.10Commercial3.1.x3.1.10Commercial3.0.x4.1.6OSS2.2.x4.1.6OSS NOTE: Spring Cloud Config 3.0.x and 2.2.x are no longer under open source or commercial support. Users of these versions are encouraged to upgrade to a supported version.

No other mitigation steps are necessary.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-22232"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-10T18:15:46Z",
    "severity": "MODERATE"
  },
  "details": "Spring Cloud Config Server may not use Vault token sent by clients using a X-CONFIG-TOKEN\u00a0header when making requests to Vault.\nYour application may be affected by this if the following are true:\n  *  You have Spring Vault on the classpath of your Spring Cloud Config Server and\n  *  You are using the X-CONFIG-TOKEN\u00a0header to send a Vault token to the Spring Cloud Config Server for the Config Server to use when making requests to Vault and\n  *  You are using the default Spring Vault SessionManager\u00a0implementation LifecycleAwareSessionManager\u00a0or a SessionManager\u00a0implementation that persists the Vault token such as SimpleSessionManager.\n\nIn this case the SessionManager\u00a0persists the first token it retrieves and will continue to use that token even if client requests to the Spring Cloud Config Server include a X-CONFIG-TOKEN\u00a0header with a different value.\nAffected Spring Products and Versions\nSpring Cloud Config:\n  *  2.2.1.RELEASE - 4.2.1\n\n\nMitigation\nUsers of affected versions should upgrade to the corresponding fixed version.\n\nAffected version(s)Fix versionAvailability4.2.x4.2.2OSS4.1.x4.1.6OSS4.0.x4.0.10Commercial3.1.x3.1.10Commercial3.0.x4.1.6OSS2.2.x4.1.6OSS\nNOTE: Spring Cloud Config 3.0.x and 2.2.x are no longer under open source or commercial support. Users of these versions are encouraged to upgrade to a supported version.\n\nNo other mitigation steps are necessary.",
  "id": "GHSA-qpfh-2wpm-c362",
  "modified": "2025-04-10T18:32:03Z",
  "published": "2025-04-10T18:32:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22232"
    },
    {
      "type": "WEB",
      "url": "https://spring.io/security/cve-2025-22232"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.