PT-2024-22569 · Hashicorp · Vault Enterprise

Published: 2024-04-30 · Updated: 2025-08-08 · CVE-2024-2877

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Vault Enterprise versions prior to 1.15.8

Description

The issue arises when Vault Enterprise is configured with performance standby nodes and a configured audit device, causing it to inadvertently log request headers on the standby node. These logs may include sensitive HTTP request information in cleartext.

Recommendations

For versions prior to 1.15.8, update to Vault Enterprise 1.15.8 to resolve the issue. As a temporary workaround, consider restricting access to the audit device on performance standby nodes until the update is applied.

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

BIT-VAULT-2024-2877
CVE-2024-2877

Affected Products

Vault Enterprise