CVE-2018-19786
First published: Wed Dec 05 2018(Updated: )
HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HashiCorp Vault | <1.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this HashiCorp Vault vulnerability?
The vulnerability ID for this HashiCorp Vault vulnerability is CVE-2018-19786.
What is the severity of vulnerability CVE-2018-19786?
The severity of vulnerability CVE-2018-19786 is high, with a severity value of 8.1.
What is affected by vulnerability CVE-2018-19786?
HashiCorp Vault versions prior to 1.0.0 are affected by vulnerability CVE-2018-19786.
What is the impact of vulnerability CVE-2018-19786?
Vulnerability CVE-2018-19786 exposes the master key to the server log in certain unusual or misconfigured scenarios.
How can I fix vulnerability CVE-2018-19786?
To fix vulnerability CVE-2018-19786, upgrade to a version of HashiCorp Vault that is equal to or newer than 1.0.0.
- collector/nvd-index
- agent/severity
- agent/author
- agent/type
- agent/weakness
- agent/references
- agent/description
- agent/tags
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/hashicorp
- canonical/hashicorp vault