CVE-2024-2877
published 2024-04-30

Priority: P4, 25
CVSS 3.1: 5.5 (medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.17% (6.6th percentile)

Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8.

Affected

2 ranges
Vendor      Product            Version range          Fixed in
hashicorp   vault              >= 1.15.0 < 1.15.8     1.15.8
hashicorp   vault_enterprise   >= 1.15.0 < 1.15.8     1.15.8