Description
Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the log_raw option, which may log sensitive information to other audit devices, regardless of whether they are configured to use log_raw.
A sensitive information disclosure vulnerability was found in HashiCorp Vault. Enabling an audit device that specifies the log_raw option may log sensitive information to oth
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| cert-manager Operator for Red Hat OpenShift | cert-manager/jetstack-cert-manager-rhel9 | Not affected | | |
| Custom Metric Autoscaler operator for Red Hat Openshift | custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8 | Not affected | | |
| OpenShift Pipelines | openshift-pipelines-client | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-contour-rhel8 | Not affected | | |
| Red Hat Openshift Container Storage 4 | mcg | Not affected | | |
| Red Hat Openshift Container Storage 4 | ocs4/cephcsi-rhel8 | Not affected | | |
| Red Hat Openshift Container Storage 4 | ocs4/mcg-rhel8-operator | Not affected | | |
| Red Hat Openshift Container Storage 4 | ocs4/ocs-rhel8-operator | Not affected | | |
| Red Hat Openshift Container Storage 4 | ocs4/rook-ceph-rhel8-operator | Not affected | | |
| Red Hat Openshift Data Foundation 4 | mcg | Not affected | | |
Additional information
Status:
EPSS
4.5 Medium
CVSS3
Related vulnerabilities
Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`.
Hashicorp Vault may expose sensitive log information
EPSS
4.5 Medium
CVSS3