CVE Vulnerabilities

CVE-2024-0831

Insertion of Sensitive Information into Log File

Published: Feb 01, 2024 | Modified: Nov 21, 2024
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
4.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Ubuntu

Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the log_raw option, which may log sensitive information to other audit devices, regardless of whether they are configured to use log_raw.

Weakness

The product writes sensitive information to a log file.

Affected Software

Name Vendor Start Version End Version
Vault Hashicorp 1.15.0 (including) 1.15.5 (excluding)

Potential Mitigations

References