Количество 5
Количество 5
CVE-2024-8365
Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9.
CVE-2024-8365
Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9.
GHSA-jjxf-26c9-77gm
Vault Leaks Client Token and Token Accessor in Audit Devices
BDU:2024-07431
Уязвимость платформ для архивирования корпоративной информации HashiCorp Vault и Vault Enterprise, связанная с вставкой конфиденциальной информации в файл журнала, позволяющая нарушителю получить доступ к конфиденциальной информации
ROS-20240918-13
Уязвимость vault
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-8365 Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9. | CVSS3: 6.2 | 0% Низкий | больше 1 года назад |
 | CVE-2024-8365 Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9. | CVSS3: 6.2 | 0% Низкий | больше 1 года назад |
| GHSA-jjxf-26c9-77gm Vault Leaks Client Token and Token Accessor in Audit Devices | CVSS3: 6.5 | 0% Низкий | больше 1 года назад |
 | BDU:2024-07431 Уязвимость платформ для архивирования корпоративной информации HashiCorp Vault и Vault Enterprise, связанная с вставкой конфиденциальной информации в файл журнала, позволяющая нарушителю получить доступ к конфиденциальной информации | CVSS3: 6.5 | 0% Низкий | больше 1 года назад |
 | ROS-20240918-13 Уязвимость vault | CVSS3: 6.5 | 0% Низкий | больше 1 года назад |
Уязвимостей на страницу