First published: Tue Apr 30 2024(Updated: )
Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8.
Credit: security@hashicorp.com
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.