Lucene search
K

23 matches found

RedhatCVE
RedhatCVE
added 2026/07/01 8:33 p.m.13 views

CVE-2026-5051

A flaw was found in HashiCorp Vault and Vault Enterprise. The audit device validation logic did not consistently apply plugin directory protections when a legacy file audit path option was used. This inconsistency could allow an attacker to bypass security controls, potentially leading to...

4.4CVSS5.6AI score0.00278EPSS
Exploits0References4
NVD
NVD
added 2026/07/01 6:16 p.m.10 views

CVE-2026-5051

HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17...

4.4CVSS0.00278EPSS
Exploits0References1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2026/07/01 5:8 p.m.47 views

Vault Audit Device Plugin Directory Guard Bypass via Legacy Path Option

Summary HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17. Background Vault...

4.4CVSS6.1AI score0.00278EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.12 views

PT-2026-54782

Name of the Vulnerable Software and Affected Versions HashiCorp Vault versions prior to 2.0.1 HashiCorp Vault Enterprise versions prior to 2.0.1 Description Audit device validation logic fails to consistently apply plugin directory protections when the legacy file audit path option is utilized...

4.4CVSS5.8AI score0.00278EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-0732

Malicious code in bioql PyPI...

6.5CVSS5.8AI score0.00764EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/05/23 7:7 a.m.6 views

CVE-2024-2877

Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterpris...

5.5CVSS6.6AI score0.00169EPSS
Exploits0References1
Veracode
Veracode
added 2024/09/04 7:49 a.m.7 views

Information Exposure Through Log Files

github.com/hashicorp/vault is vulnerable to Information Exposure Through Log Files. The vulnerability is due to a regression that removed the HMAC functionality for sensitive headers in the audit device, leading to the storage of plaintext client tokens and token accessors in the audit log...

6.5CVSS6.4AI score0.00474EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/09/02 6:30 a.m.11 views

GHSA-JJXF-26C9-77GM Vault Leaks Client Token and Token Accessor in Audit Devices

Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being...

6.5CVSS6.1AI score0.00474EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/09/02 6:10 a.m.15 views

CVE-2024-8365

Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being...

6.2CVSS6.6AI score0.00474EPSS
Exploits0References4
OSV
OSV
added 2024/05/02 7:37 a.m.18 views

BIT-VAULT-2024-2877 Vault Enterprise Leaks Sensitive HTTP Request Headers in the Audit Log When Deployed With a Performance Standby Node

Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterpris...

5.5CVSS6AI score0.00169EPSS
Exploits0References3
NVD
NVD
added 2024/04/30 3:15 p.m.16 views

CVE-2024-2877

Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterpris...

5.5CVSS5.4AI score0.00169EPSS
Exploits0References2
CVE
CVE
added 2024/04/30 2:58 p.m.78 views

CVE-2024-2877

Summary: CVE-2024-2877 affects Vault Enterprise when configured with performance standby nodes and a configured audit device, causing inadvertent logging of HTTP request headers on the standby node in cleartext. Affected component: Vault Enterprise (standby/log audit path). Root cause / impact: S...

5.5CVSS5.4AI score0.00169EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/04/30 2:58 p.m.4 views

CVE-2024-2877 Vault Enterprise Leaks Sensitive HTTP Request Headers in the Audit Log When Deployed With a Performance Standby Node

Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterpris...

5.5CVSS6AI score0.00169EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/04/30 12:0 a.m.8 views

PT-2024-22569 · Hashicorp · Vault Enterprise

Name of the Vulnerable Software and Affected Versions: Vault Enterprise versions prior to 1.15.8 Description: The issue arises when Vault Enterprise is configured with performance standby nodes and a configured audit device, causing it to inadvertently log request headers on the standby node. The...

5.5CVSS6.8AI score0.00169EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2024/02/28 12:34 p.m.20 views

CVE-2024-0831

A sensitive information disclosure vulnerability was found in Hashicorp Vault. Enabling an audit device that specifies the lograw option may log sensitive information to oth...

4.5CVSS6.6AI score0.00764EPSS
Exploits1References4
Veracode
Veracode
added 2024/02/02 10:40 a.m.12 views

Sensitive Information Disclosure

Vault is vulnerable to Sensitive Information Disclosure. The vulnerability is caused when enabling an audit device which specifies the lograw option, which may log sensitive information to other audit devices. This issue can be exploited by an attacker to Disclose Sensitive Information in the log...

6.5CVSS6.3AI score0.00764EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2024/02/01 3:30 a.m.21 views

GHSA-VGH3-MWXQ-RCP8 Hashicorp Vault may expose sensitive log information

Vault and Vault Enterprise “Vault” may expose sensitive information when enabling an audit device which specifies the lograw option, which may log sensitive information to other audit devices, regardless of whether they are configured to use lograw...

4.5CVSS5.2AI score0.00764EPSS
Exploits1References6
NVD
NVD
added 2024/02/01 2:15 a.m.40 views

CVE-2024-0831

Vault and Vault Enterprise “Vault” may expose sensitive information when enabling an audit device which specifies the lograw option, which may log sensitive information to other audit devices, regardless of whether they are configured to use lograw...

6.5CVSS5AI score0.00764EPSS
Exploits1References3
Prion
Prion
added 2024/02/01 2:15 a.m.25 views

Input validation

Vault and Vault Enterprise “Vault” may expose sensitive information when enabling an audit device which specifies the lograw option, which may log sensitive information to other audit devices, regardless of whether they are configured to use lograw...

4CVSS6.7AI score0.00764EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2024/02/01 1:41 a.m.57 views

CVE-2024-0831

Summary: CVE-2024-0831 affects HashiCorp Vault and Vault Enterprise. When an audit device is enabled with the log_raw option, sensitive information may be logged to other audit devices, even if those devices are not configured to use log_raw. This creates a potential information disclosure in log...

6.5CVSS6.2AI score0.00764EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder