CVE-2020-13223 — Log File Information Exposure in Hashicorp Vault

Severity

7.5HIGHNVD

EPSS

0.4%

top 40.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJun 10

Latest updateAug 21

Description

HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

▶NVDhashicorp/vault1.4.0 — 1.4.2+1

OSV

Information Disclosure in HashiCorp Vault in github.com/hashicorp/vault↗2024-08-21

▶

OSV

Information Disclosure in HashiCorp Vault↗2021-05-18

▶

GHSA

Information Disclosure in HashiCorp Vault↗2021-05-18

▶

Red Hat

vault: Information disclosure from logged proxy environment variables↗2020-05-21

▶