CVE-2024-8365

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Sep 2, 2024
Updated: Sep 4, 2024
CWE ID 532

Summary

CVE-2024-8365 is a vulnerability that affects both Vault Community Edition and Vault Enterprise, where sensitive client tokens and token accessors were stored in plaintext within the audit logs due to a regression in functionality. This issue poses a significant confidentiality risk, as it allows unauthorized access to sensitive information, potentially leading to further exploitation. The vulnerability has been classified with a medium severity rating (base score of 6.5) and requires user interaction for exploitation, with an attack vector over the network. Organizations running affected versions should upgrade to Vault Community Edition and Vault Enterprise versions 1.17.5 or 1.16.9 or later to remediate this issue effectively. Detailed information regarding this vulnerability can be found in the vendor advisory linked from HashiCorp’s discussion forum.
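One way to check existing audit logs for the exposure described above, as an added example that is not part of the advisory or of Vault's own code. It assumes JSON-lines audit output, the `hmac-sha256:` prefix Vault puts on hashed audit values, and that tokens and accessors sit under keys named `client_token`, `accessor` or `client_token_accessor`; the sample entries are constructed.

```python
import json

HMAC_PREFIX = "hmac-sha256:"  # prefix Vault puts on audit values it has hashed
# Assumption: key names that carry tokens or accessors in an audit entry.
SENSITIVE_KEYS = {"client_token", "accessor", "client_token_accessor"}


def plaintext_fields(node, path=""):
    """Yield dotted paths of sensitive keys holding a non-empty, un-HMAC'd string."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key in SENSITIVE_KEYS and isinstance(value, str):
                if value and not value.startswith(HMAC_PREFIX):
                    yield here
            else:
                yield from plaintext_fields(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from plaintext_fields(item, f"{path}[{i}]")


def scan_audit_log(lines):
    """Return (line_number, field_path) per exposed value; values are never echoed."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            findings.append((lineno, "<unparseable>"))  # review by hand
            continue
        findings.extend((lineno, p) for p in plaintext_fields(entry))
    return findings


# Constructed sample entries (not real tokens or real log output).
SAMPLE = [
    '{"type":"request","auth":{"client_token":"hmac-sha256:aaaa","accessor":"hmac-sha256:bbbb"}}',
    '{"type":"response","auth":{"client_token":"hvs.EXAMPLEONLY","accessor":"EXAMPLEACCESSOR"}}',
    '{"type":"request","request":{"client_token":"hmac-sha256:cccc","client_token_accessor":"EXAMPLEACCESSOR"}}',
]

if __name__ == "__main__":
    for lineno, field in scan_audit_log(SAMPLE):
        print(f"line {lineno}: {field} is not HMAC'd")
```

An audit device configured with `log_raw` writes these values unhashed by design, so findings from such a device do not by themselves indicate the regression.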
