Bug 2189763 (CVE-2018-19786)

Summary: CVE-2018-19786 vault: writes the master key to the server log
Product: [Other] Security Response
Reporter: Avinash Hanwate <ahanwate>
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
CC: amctagga, jcantril, muagarwa, nbecker, periklis, tnielsen
Keywords: Security
Hardware: All
OS: Linux
Doc Text:
A flaw was found in HashiCorp Vault, which could provide weaker-than-expected security, caused by a flaw in the autoseal mechanism. This flaw allows a remote attacker to launch further attacks on the system.
Bug Blocks: 2189759    

Description Avinash Hanwate 2023-04-26 05:35:55 UTC
HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported.

https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018