Unrated severityNVD Advisory· Published Feb 1, 2021· Updated Aug 3, 2024
CVE-2021-3024
CVE-2021-3024
Description
HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- HashiCorp/Vaultdescription
- Range: < 1.5.7
Patches
Vulnerability mechanics
References
2- security.gentoo.org/glsa/202207-01mitrevendor-advisoryx_refsource_GENTOO
- discuss.hashicorp.com/t/hcsec-2021-02-vault-api-endpoint-exposed-internal-ip-address-without-authentication/20334mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.