Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the log_raw
option, which may log sensitive information to other audit devices, regardless of whether they are configured to use log_raw
.
The product writes sensitive information to a log file.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Vault | Hashicorp | 1.15.0 (including) | 1.15.5 (excluding) |