CVE-2018-19786Log File Information Exposure in Vault

CWE-532Log File Information Exposure3 documents3 sources
Severity
8.1HIGHNVD
EPSS
0.3%
top 46.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Hashicorp Vault
Timeline
PublishedDec 5
Latest updateMay 14

Description

HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages1 packages

NVDhashicorp/vault< 1.0.0

🔴Vulnerability Details

1
GHSA
GHSA-5jfh-x25r-v632: HashiCorp Vault before 12022-05-14

📋Vendor Advisories

1
Red Hat
vault: writes the master key to the server log2018-12-05