NuytsTech Security

CVE-2024-0831

by ·

Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`.

More information : https://developer.hashicorp.com/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration

Attack vector : NETWORK
Attack complexity : LOW
Privileges required : LOW
User interaction : NONE
Confidentiality impact : HIGH
Integrity impact : NONE
Base score : 6.5
Base severity : MEDIUM
Exploitability score : 2.8
Impact score : 3.6

Tags: