GHSA-j6hh-h3cf-c2hf

Source
https://github.com/advisories/GHSA-j6hh-h3cf-c2hf
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-j6hh-h3cf-c2hf/GHSA-j6hh-h3cf-c2hf.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-j6hh-h3cf-c2hf
Aliases
  • CVE-2026-41004
Published
2026-05-07T06:31:41Z
Modified
2026-05-11T16:36:46.484735Z
Severity
  • 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Spring Cloud Config Server Logged Sensitive Information
Details

When trace logging was enabled in Spring Cloud Config Server, sensitive information was written to the logs in plain text.

  • Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Enterprise Support Only).
  • Spring Cloud Config 4.1.x: affected from 4.1.0 through 4.1.9 (inclusive); upgrade to 4.1.10 or greater (Enterprise Support Only).
  • Spring Cloud Config 4.2.x: affected from 4.2.0 through 4.2.6 (inclusive); upgrade to 4.2.7 or greater (Enterprise Support Only).
  • Spring Cloud Config 4.3.x: affected from 4.3.0 through 4.3.2 (inclusive); upgrade to 4.3.3 or greater.
  • Spring Cloud Config 5.0.x: affected from 5.0.0 through 5.0.2 (inclusive); upgrade to 5.0.3 or greater.

Database specific
{
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-11T16:19:34Z",
    "cwe_ids": [
        "CWE-532"
    ],
    "severity": "MODERATE",
    "nvd_published_at": "2026-05-07T04:16:25Z"
}
References

Affected packages

Maven
org.springframework.cloud:spring-cloud-config-server

Package

Name
org.springframework.cloud:spring-cloud-config-server
Purl
pkg:maven/org.springframework.cloud/spring-cloud-config-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Last affected
3.1.13

Affected versions

3.*
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9
3.1.10

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-j6hh-h3cf-c2hf/GHSA-j6hh-h3cf-c2hf.json"
org.springframework.cloud:spring-cloud-config-server

Package

Name
org.springframework.cloud:spring-cloud-config-server
Purl
pkg:maven/org.springframework.cloud/spring-cloud-config-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.1.0
Last affected
4.1.9

Affected versions

4.*
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.1.7

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-j6hh-h3cf-c2hf/GHSA-j6hh-h3cf-c2hf.json"
org.springframework.cloud:spring-cloud-config-server

Package

Name
org.springframework.cloud:spring-cloud-config-server
Purl
pkg:maven/org.springframework.cloud/spring-cloud-config-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.2.0
Last affected
4.2.6

Affected versions

4.*
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-j6hh-h3cf-c2hf/GHSA-j6hh-h3cf-c2hf.json"
org.springframework.cloud:spring-cloud-config-server

Package

Name
org.springframework.cloud:spring-cloud-config-server
Purl
pkg:maven/org.springframework.cloud/spring-cloud-config-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.3.0
Fixed
4.3.3

Affected versions

4.*
4.3.0
4.3.1
4.3.2

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-j6hh-h3cf-c2hf/GHSA-j6hh-h3cf-c2hf.json"
last_known_affected_version_range
"<= 4.3.2"
org.springframework.cloud:spring-cloud-config-server

Package

Name
org.springframework.cloud:spring-cloud-config-server
Purl
pkg:maven/org.springframework.cloud/spring-cloud-config-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.0.0
Fixed
5.0.3

Affected versions

5.*
5.0.0
5.0.1
5.0.2

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-j6hh-h3cf-c2hf/GHSA-j6hh-h3cf-c2hf.json"
last_known_affected_version_range
"<= 5.0.2"