19 matches found
EUVD-2024-0732
Malicious code in bioql PyPI...
CVE-2024-2877
Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterpris...
Information Exposure Through Log Files
github.com/hashicorp/vault is vulnerable to Information Exposure Through Log Files. The vulnerability is due to a regression that removed the HMAC functionality for sensitive headers in the audit device, leading to the storage of plaintext client tokens and token accessors in the audit log...
GHSA-JJXF-26C9-77GM Vault Leaks Client Token and Token Accessor in Audit Devices
Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being...
CVE-2024-8365
Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being...
BIT-VAULT-2024-2877 Vault Enterprise Leaks Sensitive HTTP Request Headers in the Audit Log When Deployed With a Performance Standby Node
Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterpris...
CVE-2024-2877
Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterpris...
CVE-2024-2877
Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterpris...
CVE-2024-2877
Summary: CVE-2024-2877 affects Vault Enterprise when configured with performance standby nodes and a configured audit device, causing inadvertent logging of HTTP request headers on the standby node in cleartext. Affected component: Vault Enterprise (standby/log audit path). Root cause / impact: S...
PT-2024-22569 · Hashicorp · Vault Enterprise
Name of the Vulnerable Software and Affected Versions: Vault Enterprise versions prior to 1.15.8 Description: The issue arises when Vault Enterprise is configured with performance standby nodes and a configured audit device, causing it to inadvertently log request headers on the standby node. The...
CVE-2024-0831
A sensitive information disclosure vulnerability was found in Hashicorp Vault. Enabling an audit device that specifies the log_raw option may log sensitive information to oth...
Sensitive Information Disclosure
Vault is vulnerable to Sensitive Information Disclosure. The vulnerability is caused when enabling an audit device which specifies the log_raw option, which may log sensitive information to other audit devices. This issue can be exploited by an attacker to disclose sensitive information in the log...
GHSA-VGH3-MWXQ-RCP8 Hashicorp Vault may expose sensitive log information
Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the log_raw option, which may log sensitive information to other audit devices, regardless of whether they are configured to use log_raw...
CVE-2024-0831
Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the log_raw option, which may log sensitive information to other audit devices, regardless of whether they are configured to use log_raw...
CVE-2024-0831
Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the log_raw option, which may log sensitive information to other audit devices, regardless of whether they are configured to use log_raw...
Input validation
Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the log_raw option, which may log sensitive information to other audit devices, regardless of whether they are configured to use log_raw...
CVE-2024-0831
Summary: CVE-2024-0831 affects HashiCorp Vault and Vault Enterprise. When an audit device is enabled with the log_raw option, sensitive information may be logged to other audit devices, even if those devices are not configured to use log_raw. This creates a potential information disclosure in log...
Leadersec network Imperial security gateway-online behaviour (audit) device file upload vulnerability
No description provided by source...
Arbitrary Command Execution Vulnerability in Internet Audit Device of Shenzhen Aolian Information Security Technology Co.
Shenzhen Aolian Information Security Technology Co., Ltd. Internet access auditing device is a network behavior management system. Shenzhen Aolian Information Security Technology Co., Ltd. Internet Audit Equipment has an arbitrary command execution vulnerability, which can be exploited by attacke...