CVE-2024-2877
Published 2024-04-30
Priority P4 · 25 · medium · 5.5 CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.17% (6.6th percentile)
Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext.
This vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hashicorp | vault | >= 1.15.0 < 1.15.8 | 1.15.8 |
| hashicorp | vault_enterprise | >= 1.15.0 < 1.15.8 | 1.15.8 |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://discuss.hashicorp.com/t/hsec-2024-10-vault-enterprise-leaks-sensitive-http-request-headers-in-audit-log-when-deployed-with-a-performance-standby-node
https://security.netapp.com/advisory/ntap-20240614-0002/