PT-2024-15850 · Hashicorp · Hashicorp Vault

Published

2024-02-01

Updated

2024-06-28

CVE-2024-0831

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Hashicorp Vault (affected versions not specified)

Description The issue concerns the exposure of sensitive information when an audit device with the log raw option is enabled. This may cause sensitive information to be logged to other audit devices, regardless of their configuration regarding the log raw option.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-532

Related Identifiers

BIT-VAULT-2024-0831

CVE-2024-0831

GHSA-VGH3-MWXQ-RCP8

GO-2024-2511

Affected Products

Hashicorp Vault

PT-2024-15850 · Hashicorp · Hashicorp Vault

CVE-2024-0831

Weakness Enumeration

Related Identifiers

Affected Products

References · 13