Description
HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported.
References (1)
Core 1
Core References
Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018
Scores
CVSS v3
8.1
EPSS
0.0031
EPSS Percentile
53.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-532
Status
published
Products (1)
hashicorp/vault
< 1.0.0
Published
Dec 05, 2018
Tracked Since
Feb 18, 2026