Authentication mechanism absence or evasion in log4j
Description
A flaw was found in Spring Cloud Config Server that allows an attacker to bypass Vault token validation via the X-CONFIG-TOKEN header. If a malicious client sends a different Vault token in the X-CONFIG-TOKEN header, the Spring Cloud Config Server may continue using the first token it retrieved instead of the one sent by the client. This can result in unauthorized access to sensitive data stored in Vault.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.