Description
Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext.
This vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8.
Vulnerable configurations
Configuration 1: Version from 1.15.0 (inclusive) to 1.15.8 (exclusive)
cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*
EPSS: 0.00057 (Low), percentile: 18%
CVSS3: 5.5 Medium
Weaknesses
CWE-532
Related vulnerabilities
CVSS3: 5.5
github
almost 2 years ago
Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8.