Unrated severityNVD Advisory· Published Apr 30, 2024· Updated Feb 13, 2025
Vault Enterprise Leaks Sensitive HTTP Request Headers in the Audit Log When Deployed With a Performance Standby Node
CVE-2024-2877
Description
Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext.
This vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8.
Affected products
2- Range: 1.15.0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.