Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext.
This vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: HashiCorp
Published: 2024-04-30T14:58:09.735Z
Updated: 2024-06-21T15:56:24.200Z
Reserved: 2024-03-25T20:59:41.034Z
Link: CVE-2024-2877
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-04-30T15:15:52.740
Modified: 2024-06-14T13:15:51.473
Link: CVE-2024-2877
JSON object: View
Redhat Information
No data.
CWE