exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2024-8365

10 месяцев назад

Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9.

CVSS3: 6.2

EPSS: Низкий

CVE-2024-8365

10 месяцев назад

Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9.

CVSS3: 6.2

EPSS: Низкий

ROS-20240918-13

9 месяцев назад

Уязвимость vault

CVSS3: 6.5

EPSS: Низкий

GHSA-jjxf-26c9-77gm

10 месяцев назад

Vault Leaks Client Token and Token Accessor in Audit Devices

CVSS3: 6.5

EPSS: Низкий

BDU:2024-07431

10 месяцев назад

Уязвимость платформ для архивирования корпоративной информации HashiCorp Vault и Vault Enterprise, связанная с вставкой конфиденциальной информации в файл журнала, позволяющая нарушителю получить доступ к конфиденциальной информации

CVSS3: 6.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2024-8365 Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9.	CVSS3: 6.2	0% Низкий	10 месяцев назад
CVE-2024-8365 Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9.	CVSS3: 6.2	0% Низкий	10 месяцев назад
ROS-20240918-13 Уязвимость vault	CVSS3: 6.5	0% Низкий	9 месяцев назад
GHSA-jjxf-26c9-77gm Vault Leaks Client Token and Token Accessor in Audit Devices	CVSS3: 6.5	0% Низкий	10 месяцев назад
BDU:2024-07431 Уязвимость платформ для архивирования корпоративной информации HashiCorp Vault и Vault Enterprise, связанная с вставкой конфиденциальной информации в файл журнала, позволяющая нарушителю получить доступ к конфиденциальной информации	CVSS3: 6.5	0% Низкий	10 месяцев назад

Уязвимостей на страницу