CVE-2024-0831

Insertion of Sensitive Information into Log File in go/github.com/hashicorp/vault

Identifiers

GHSA-vgh3-mwxq-rcp8, CVE-2024-0831

Package Slug

go/github.com/hashicorp/vault

Vulnerability

Insertion of Sensitive Information into Log File

Description

Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the log_raw option, which may log sensitive information to other audit devices, regardless of whether they are configured to use log_raw.

Affected Versions

All versions starting from 1.15.0 before 1.15.5

Solution

Upgrade to version 1.15.5 or above.

Last Modified

2024-02-02

source