CVE-2024-8365

Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.7 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://discuss.hashicorp.com/t/hcsec-2024-18-vault-leaks-client-token-and-token-accessor-in-audit-devices/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hashicorp:vault:::::enterprise:::*
	cpe:2.3:a:hashicorp:vault:::::-:::*
	cpe:2.3:a:hashicorp:vault:::::enterprise:::*

History

No history.

Information

Published : 2024-09-02 05:15

Updated : 2024-09-04 14:37

NVD link : CVE-2024-8365

Mitre link : CVE-2024-8365

CVE.ORG link : CVE-2024-8365

JSON object : View

Products Affected

hashicorp

vault

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2024-8365", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@hashicorp.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 1.7}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-09-02T05:15:17.823", "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2024-18-vault-leaks-client-token-and-token-accessor-in-audit-devices/", "tags": ["Vendor Advisory"], "source": "security@hashicorp.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@hashicorp.com", "description": [{"lang": "en", "value": "CWE-532"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC\u2019d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9."}, {"lang": "es", "value": "Vault Community Edition y Vault Enterprise experimentaron una regresi\u00f3n en la que se elimin\u00f3 la funcionalidad que codificaba mediante HMAC los encabezados confidenciales en el dispositivo de auditor\u00eda configurado, espec\u00edficamente los tokens de cliente y los descriptores de acceso de token. Esto provoc\u00f3 que los valores de texto sin formato de los tokens de cliente y los descriptores de acceso de token se almacenaran en el registro de auditor\u00eda. Esta vulnerabilidad, CVE-2024-8365, se solucion\u00f3 en Vault Community Edition y Vault Enterprise 1.17.5 y Vault Enterprise 1.16.9."}], "lastModified": "2024-09-04T14:37:03.543", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "42D075A3-0E7A-4EC6-96AF-55CD4B5E0722", "versionEndExcluding": "1.16.9"}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "7249EEB1-D26D-4924-A69A-17C63F7B0693", "versionEndExcluding": "1.17.5"}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "61BDF0C9-6DA7-496D-8181-6EDF20271239", "versionEndExcluding": "1.17.5", "versionStartIncluding": "1.17.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@hashicorp.com"}