why is the sensitive log leaking (fixed in 8.15.0) not classified as a CVE?

[SimonCropp]

https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.15.0

Sanitize logs to avoid leaking sensitive data
Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.

or there is a CVE and i just cant find it?