CVE-2024-2877 Information

Description

Vault Enterprise when configured with performance standby nodes and a configured audit device will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext.

This vulnerability CVE-2024-2877 was fixed in Vault Enterprise 1.15.8.

Reference

https://discuss.hashicorp.com/t/hsec-2024-10-vault-enterprise-leaks-sensitive-http-request-headers-in-audit-log-when-deployed-with-a-performance-standby-node