PT-2024-6383 · HashiCorp · HashiCorp Vault Enterprise

Published: 2024-09-02 · Updated: 2025-10-01 · CVE-2024-8365

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

HashiCorp Vault versions prior to 1.17.5
HashiCorp Vault Enterprise versions prior to 1.17.5 and 1.16.9

Description

Client tokens and token accessors are stored in plaintext in the audit log because the functionality that HMAC'd sensitive headers was removed. This could allow a remote attacker to access confidential information.

Recommendations

For HashiCorp Vault versions prior to 1.17.5, update to version 1.17.5 or later.
For HashiCorp Vault Enterprise versions prior to 1.17.5, update to version 1.17.5 or later.
For HashiCorp Vault Enterprise versions prior to 1.16.9, update to version 1.16.9 or later.

Fix

Weakness Enumeration

Insertion into Log File

Related Identifiers

ALT-PU-2025-12480
ALT-PU-2025-12489
BDU:2024-07431
BIT-VAULT-2024-8365
CVE-2024-8365
GHSA-JJXF-26C9-77GM
GO-2024-3113

Affected Products

Alt Linux
HashiCorp Vault
HashiCorp Vault Enterprise
Red Os