CVE-2021-32074

HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows attackers to obtain sensitive information from log files because a multi-line secret was not correctly registered with GitHub Actions for log masking.
Configurations

Configuration 1 (hide)

cpe:2.3:a:hashicorp:vault-action:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:06

Type Values Removed Values Added
References () https://discuss.hashicorp.com/t/hcsec-2021-13-vault-github-action-did-not-correctly-mask-multi-line-secrets-in-output/24128 - Vendor Advisory () https://discuss.hashicorp.com/t/hcsec-2021-13-vault-github-action-did-not-correctly-mask-multi-line-secrets-in-output/24128 - Vendor Advisory
References () https://github.com/hashicorp/vault-action/blob/master/CHANGELOG.md - Third Party Advisory () https://github.com/hashicorp/vault-action/blob/master/CHANGELOG.md - Third Party Advisory
References () https://github.com/hashicorp/vault-action/issues/205 - Exploit, Third Party Advisory () https://github.com/hashicorp/vault-action/issues/205 - Exploit, Third Party Advisory
References () https://github.com/hashicorp/vault-action/pull/208 - Patch, Third Party Advisory () https://github.com/hashicorp/vault-action/pull/208 - Patch, Third Party Advisory

Information

Published : 2021-05-07 05:15

Updated : 2024-11-21 06:06


NVD link : CVE-2021-32074

Mitre link : CVE-2021-32074

CVE.ORG link : CVE-2021-32074


JSON object : View

Products Affected

hashicorp

  • vault-action
CWE
CWE-532

Insertion of Sensitive Information into Log File