PT-2021-18682 · Hashicorp · Vault Enterprise+1
Published
2021-02-01
·
Updated
2024-03-06
·
CVE-2021-3024
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
HashiCorp Vault and Vault Enterprise versions prior to 1.5.7
HashiCorp Vault and Vault Enterprise versions prior to 1.6.2
Description
The issue allows the disclosure of the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests.
Recommendations
For versions prior to 1.5.7, update to version 1.5.7 or later to resolve the issue.
For versions prior to 1.6.2, update to version 1.6.2 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Hashicorp Vault
Vault Enterprise