2262236 – (CVE-2024-0831) CVE-2024-0831 hashicorp vault: sensitive information disclosure

Bug 2262236 (CVE-2024-0831) - CVE-2024-0831 hashicorp vault: sensitive information disclosure

Summary: CVE-2024-0831 hashicorp vault: sensitive information disclosure

Keywords:
Status:	NEW
Alias:	CVE-2024-0831
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2262243 2262244 2262245 2262246 2262247 2262248 2262249 2262250 2262251
Blocks:	2262242
TreeView+	depends on / blocked

Reported:	2024-02-01 11:21 UTC by ybuenos
Modified:	2024-04-08 09:07 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description ybuenos 2024-02-01 11:21:56 UTC

Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`.

https://developer.hashicorp.com/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration
https://link-to-discuss

Comment 3 Vipul Nair 2024-04-08 09:03:53 UTC

openshift-container-storage-4 used hashicorp vault 1.4 and above

Note You need to log in before you can comment on or make changes to this bug.