2189763 – (CVE-2018-19786) CVE-2018-19786 vault: writes the master key to the server log

Bug 2189763 (CVE-2018-19786) - CVE-2018-19786 vault: writes the master key to the server log

Summary: CVE-2018-19786 vault: writes the master key to the server log

Keywords:
Status:	NEW
Alias:	CVE-2018-19786
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2189759
TreeView+	depends on / blocked

Reported:	2023-04-26 05:35 UTC by Avinash Hanwate
Modified:	2025-03-17 23:44 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Avinash Hanwate 2023-04-26 05:35:55 UTC

HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported.

https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018

Note You need to log in before you can comment on or make changes to this bug.