6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
38.7%
HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.
discuss.hashicorp.com/t/hcsec-2021-02-vault-api-endpoint-exposed-internal-ip-address-without-authentication/20334
security.gentoo.org/glsa/202207-01