HashiCorpCVELIST:CVE-2024-0831CVE-2024-0831 Vault May Expose Sensitive Information When Configuring An Audit Log Device
4.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
23.5%
Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the log_raw option, which may log sensitive information to other audit devices, regardless of whether they are configured to use log_raw.
CNA Affected
[
{
"vendor": "HashiCorp",
"product": "Vault",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM",
"64 bit",
"32 bit"
],
"repo": "https://github.com/hashicorp/vault",
"versions": [
{
"status": "affected",
"version": "1.15.0",
"lessThanOrEqual": "1.15.4",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "HashiCorp",
"product": "Vault Enterprise",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM",
"64 bit",
"32 bit"
],
"versions": [
{
"status": "affected",
"version": "1.15.0",
"lessThanOrEqual": "1.15.4",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]Related
4.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
23.5%