Moderate severityNVD Advisory· Published Feb 1, 2024· Updated Feb 13, 2025
Vault May Expose Sensitive Information When Configuring An Audit Log Device
CVE-2024-0831
Description
Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the log_raw option, which may log sensitive information to other audit devices, regardless of whether they are configured to use log_raw.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/hashicorp/vaultGo | >= 1.15.0, < 1.15.5 | 1.15.5 |
Affected products
4- osv-coords2 versions
>= 1.15.0, < 1.15.5+ 1 more
- (no CPE)range: >= 1.15.0, < 1.15.5
- (no CPE)range: >= 1.15.0, < 1.15.5
- Range: 1.15.0
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-vgh3-mwxq-rcp8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-0831ghsaADVISORY
- developer.hashicorp.com/vault/docs/upgrading/upgrade-to-1.15.xghsaWEB
- discuss.hashicorp.com/t/hcsec-2024-01-vault-may-expose-sensitive-information-when-configuring-an-audit-log-device/62311ghsaWEB
- github.com/hashicorp/vault/commit/2a72f2a8a5b57de88c22a2a94c4a5f08c6f3770bghsaWEB
- security.netapp.com/advisory/ntap-20240223-0005ghsaWEB
- security.netapp.com/advisory/ntap-20240223-0005/mitre
News mentions
0No linked articles in our index yet.