Sensitive Information Exposure via Audit Device Configuration in Vault

Sensitive Information Exposure via Audit Device Configuration in Vault

CVE-2024-0831 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`.

Learn more about our Web Application Penetration Testing UK.