GHSA-vgh3-mwxq-rcp8, CVE-2024-0831
go/github.com/hashicorp/vault
Insertion of Sensitive Information into Log File
Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the log_raw
option, which may log sensitive information to other audit devices, regardless of whether they are configured to use log_raw
.
All versions starting from 1.15.0 before 1.15.5
Upgrade to version 1.15.5 or above.
2024-02-02
source |