23 matches found
CVE-2026-5051
A flaw was found in HashiCorp Vault and Vault Enterprise. The audit device validation logic did not consistently apply plugin directory protections when a legacy file audit path option was used. This inconsistency could allow an attacker to bypass security controls, potentially leading to...
CVE-2026-5051
HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17...
Vault Audit Device Plugin Directory Guard Bypass via Legacy Path Option
Summary HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17. Background Vault...
PT-2026-54782
Name of the Vulnerable Software and Affected Versions HashiCorp Vault versions prior to 2.0.1 HashiCorp Vault Enterprise versions prior to 2.0.1 Description Audit device validation logic fails to consistently apply plugin directory protections when the legacy file audit path option is utilized...
EUVD-2024-0732
Malicious code in bioql PyPI...
CVE-2024-2877
Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterpris...
Information Exposure Through Log Files
github.com/hashicorp/vault is vulnerable to Information Exposure Through Log Files. The vulnerability is due to a regression that removed the HMAC functionality for sensitive headers in the audit device, leading to the storage of plaintext client tokens and token accessors in the audit log...
GHSA-JJXF-26C9-77GM Vault Leaks Client Token and Token Accessor in Audit Devices
Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being...
CVE-2024-8365
Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being...
BIT-VAULT-2024-2877 Vault Enterprise Leaks Sensitive HTTP Request Headers in the Audit Log When Deployed With a Performance Standby Node
Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterpris...
CVE-2024-2877
Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterpris...
CVE-2024-2877
Summary: CVE-2024-2877 affects Vault Enterprise when configured with performance standby nodes and a configured audit device, causing inadvertent logging of HTTP request headers on the standby node in cleartext. Affected component: Vault Enterprise (standby/log audit path). Root cause / impact: S...
CVE-2024-2877 Vault Enterprise Leaks Sensitive HTTP Request Headers in the Audit Log When Deployed With a Performance Standby Node
Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterpris...
PT-2024-22569 · Hashicorp · Vault Enterprise
Name of the Vulnerable Software and Affected Versions: Vault Enterprise versions prior to 1.15.8 Description: The issue arises when Vault Enterprise is configured with performance standby nodes and a configured audit device, causing it to inadvertently log request headers on the standby node. The...
CVE-2024-0831
A sensitive information disclosure vulnerability was found in Hashicorp Vault. Enabling an audit device that specifies the lograw option may log sensitive information to oth...
Sensitive Information Disclosure
Vault is vulnerable to Sensitive Information Disclosure. The vulnerability is caused when enabling an audit device which specifies the lograw option, which may log sensitive information to other audit devices. This issue can be exploited by an attacker to Disclose Sensitive Information in the log...
GHSA-VGH3-MWXQ-RCP8 Hashicorp Vault may expose sensitive log information
Vault and Vault Enterprise “Vault” may expose sensitive information when enabling an audit device which specifies the lograw option, which may log sensitive information to other audit devices, regardless of whether they are configured to use lograw...
CVE-2024-0831
Vault and Vault Enterprise “Vault” may expose sensitive information when enabling an audit device which specifies the lograw option, which may log sensitive information to other audit devices, regardless of whether they are configured to use lograw...
Input validation
Vault and Vault Enterprise “Vault” may expose sensitive information when enabling an audit device which specifies the lograw option, which may log sensitive information to other audit devices, regardless of whether they are configured to use lograw...
CVE-2024-0831
Summary: CVE-2024-0831 affects HashiCorp Vault and Vault Enterprise. When an audit device is enabled with the log_raw option, sensitive information may be logged to other audit devices, even if those devices are not configured to use log_raw. This creates a potential information disclosure in log...