CVE-2024-2877

Published Apr 30, 2024

Last updated 5 months ago

CVSS medium 5.5

Overview

Description
Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8.
Source
security@hashicorp.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.5
Impact score
4
Exploitability score
1.1
Vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

security@hashicorp.com
CWE-532

Social media

Hype score
Not currently trending

References