Description
HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2.
A flaw was found in HashiCorp Vault. Vault and Vault Enterprise could allow a remote attacker to obtain sensitive information because sensitive information is written to a log file. An attacker who can access the log file can read that information.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 4 | openshift4/ose-installer | Not affected | ||
| Red Hat Openshift Container Storage 4 | ocs4/cephcsi-rhel8 | Not affected | ||
| Red Hat Openshift Container Storage 4 | ocs4/mcg-rhel8-operator | Not affected | ||
| Red Hat Openshift Container Storage 4 | ocs4/ocs-rhel8-operator | Not affected | ||
| Red Hat Openshift Container Storage 4 | ocs4/rook-ceph-rhel8-operator | Not affected | ||
| Red Hat Openshift Data Foundation 4 | odf4/cephcsi-rhel9 | Not affected | ||
| Red Hat Openshift Data Foundation 4 | odf4/mcg-rhel9-operator | Not affected | ||
| Red Hat Openshift Data Foundation 4 | odf4/ocs-rhel9-operator | Not affected | ||
| Red Hat Openshift Data Foundation 4 | odf4/odf-multicluster-rhel9-operator | Not affected | ||
| Red Hat Openshift Data Foundation 4 | odf4/odf-rhel8-operator | Not affected | ||
Additional information
Status: Moderate
Defect: CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=2167397 vault: Information disclosure from logged proxy environment variables
EPSS: 0.004 (Low), percentile: 60%
CVSS3: 7.5 High
Related vulnerabilities
CVSS3: 7.5
nvd
more than 5 years ago
HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2.