4 matches found
CVE-2024-2877
Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterpris...
BIT-VAULT-2024-2877 Vault Enterprise Leaks Sensitive HTTP Request Headers in the Audit Log When Deployed With a Performance Standby Node
Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterpris...
CVE-2024-2877
Summary: CVE-2024-2877 affects Vault Enterprise when configured with performance standby nodes and a configured audit device, causing inadvertent logging of HTTP request headers on the standby node in cleartext. Affected component: Vault Enterprise (standby/log audit path). Root cause / impact: S...
Information Disclosure
github.com/hashicorp/vault is vulnerable to information disclosure. The vulnerability exists as the in-memory cache that exists on performance standby nodes is not purged if a mount filter was used to exclude the secondary cluster. This allows an attacker to retrieve mount configuration data whic...