High severityNVD Advisory· Published May 7, 2021· Updated Aug 3, 2024
CVE-2021-32074
CVE-2021-32074
Description
HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows attackers to obtain sensitive information from log files because a multi-line secret was not correctly registered with GitHub Actions for log masking.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
hashicorp/vault-actionGitHub Actions | < 2.2.0 | 2.2.0 |
Affected products
2- HashiCorp/vault-actiondescription
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-4mgv-m5cm-f9h7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-32074ghsaADVISORY
- discuss.hashicorp.com/t/hcsec-2021-13-vault-github-action-did-not-correctly-mask-multi-line-secrets-in-output/24128ghsax_refsource_MISCWEB
- github.com/hashicorp/vault-action/blob/master/CHANGELOG.mdghsax_refsource_MISCWEB
- github.com/hashicorp/vault-action/commit/3526e1be65cf8faf42d6088bc5da8bff596c718aghsaWEB
- github.com/hashicorp/vault-action/issues/205ghsax_refsource_MISCWEB
- github.com/hashicorp/vault-action/pull/208ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.