Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext.
This vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8.
References
Configurations
No configuration.
History
14 Jun 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary |
|
30 Apr 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-30 15:15
Updated : 2024-06-14 13:15
NVD link : CVE-2024-2877
Mitre link : CVE-2024-2877
CVE.ORG link : CVE-2024-2877
JSON object : View
Products Affected
No product.
CWE
CWE-532
Insertion of Sensitive Information into Log File