Lucene search

K

[email protected]NVD:CVE-2024-0831

HistoryFeb 01, 2024 - 2:15 a.m.

CVE-2024-0831

2024-02-0102:15:46

CWE-532

[email protected]

web.nvd.nist.gov

2

cve-2024-0831

vault

vault enterprise

sensitive information

audit device

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.5%

Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the log_raw option, which may log sensitive information to other audit devices, regardless of whether they are configured to use log_raw.

Affected configurations

NVD

Node

hashicorpvaultRange1.15.0–1.15.5

OR

hashicorpvaultRange1.15.0–1.15.5enterprise

References

developer.hashicorp.com/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration

discuss.hashicorp.com/t/hcsec-2024-01-vault-may-expose-sensitive-information-when-configuring-an-audit-log-device/62311

security.netapp.com/advisory/ntap-20240223-0005/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.5%

Related for NVD:CVE-2024-0831

prion1 cve1 osv3 redhatcve1 veracode1 cvelist1 github1