CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-8365

Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 25.8%

CVSS Severity

CVSS v3 Score 6.2

References

https://discuss.hashicorp.com/t/hcsec-2024-18-vault-leaks-client-token-and-token-accessor-in-audit-devices/

Products affected by CVE-2024-8365

Hashicorp » Vault » Version: 0.10.0

cpe:2.3:a:hashicorp:vault:0.10.0
Hashicorp » Vault » Version: 0.11.0

cpe:2.3:a:hashicorp:vault:0.11.0
Hashicorp » Vault » Version: 0.9.2

cpe:2.3:a:hashicorp:vault:0.9.2
Hashicorp » Vault » Version: 1.0.0

cpe:2.3:a:hashicorp:vault:1.0.0
Hashicorp » Vault » Version: 1.0.1

cpe:2.3:a:hashicorp:vault:1.0.1
Hashicorp » Vault » Version: 1.0.2

cpe:2.3:a:hashicorp:vault:1.0.2
Hashicorp » Vault » Version: 1.0.3

cpe:2.3:a:hashicorp:vault:1.0.3
Hashicorp » Vault » Version: 1.1.0

cpe:2.3:a:hashicorp:vault:1.1.0
Hashicorp » Vault » Version: 1.1.1

cpe:2.3:a:hashicorp:vault:1.1.1
Hashicorp » Vault » Version: 1.1.2

cpe:2.3:a:hashicorp:vault:1.1.2
Hashicorp » Vault » Version: 1.1.3

cpe:2.3:a:hashicorp:vault:1.1.3
Hashicorp » Vault » Version: 1.1.4

cpe:2.3:a:hashicorp:vault:1.1.4
Hashicorp » Vault » Version: 1.1.5

cpe:2.3:a:hashicorp:vault:1.1.5
Hashicorp » Vault » Version: 1.10.0

cpe:2.3:a:hashicorp:vault:1.10.0
Hashicorp » Vault » Version: 1.10.11

cpe:2.3:a:hashicorp:vault:1.10.11
Hashicorp » Vault » Version: 1.10.2

cpe:2.3:a:hashicorp:vault:1.10.2
Hashicorp » Vault » Version: 1.10.3

cpe:2.3:a:hashicorp:vault:1.10.3
Hashicorp » Vault » Version: 1.10.7

cpe:2.3:a:hashicorp:vault:1.10.7
Hashicorp » Vault » Version: 1.11.0

cpe:2.3:a:hashicorp:vault:1.11.0
Hashicorp » Vault » Version: 1.11.3

cpe:2.3:a:hashicorp:vault:1.11.3
Hashicorp » Vault » Version: 1.11.4

cpe:2.3:a:hashicorp:vault:1.11.4
Hashicorp » Vault » Version: 1.11.8

cpe:2.3:a:hashicorp:vault:1.11.8
Hashicorp » Vault » Version: 1.12.0

cpe:2.3:a:hashicorp:vault:1.12.0
Hashicorp » Vault » Version: 1.12.11

cpe:2.3:a:hashicorp:vault:1.12.11
Hashicorp » Vault » Version: 1.12.4

cpe:2.3:a:hashicorp:vault:1.12.4
Hashicorp » Vault » Version: 1.12.8

cpe:2.3:a:hashicorp:vault:1.12.8
Hashicorp » Vault » Version: 1.13.0

cpe:2.3:a:hashicorp:vault:1.13.0
Hashicorp » Vault » Version: 1.13.10

cpe:2.3:a:hashicorp:vault:1.13.10
Hashicorp » Vault » Version: 1.13.4

cpe:2.3:a:hashicorp:vault:1.13.4
Hashicorp » Vault » Version: 1.13.5

cpe:2.3:a:hashicorp:vault:1.13.5
Hashicorp » Vault » Version: 1.13.7

cpe:2.3:a:hashicorp:vault:1.13.7
Hashicorp » Vault » Version: 1.13.8

cpe:2.3:a:hashicorp:vault:1.13.8
Hashicorp » Vault » Version: 1.14.0

cpe:2.3:a:hashicorp:vault:1.14.0
Hashicorp » Vault » Version: 1.14.11

cpe:2.3:a:hashicorp:vault:1.14.11
Hashicorp » Vault » Version: 1.14.12

cpe:2.3:a:hashicorp:vault:1.14.12
Hashicorp » Vault » Version: 1.14.13

cpe:2.3:a:hashicorp:vault:1.14.13
Hashicorp » Vault » Version: 1.14.3

cpe:2.3:a:hashicorp:vault:1.14.3
Hashicorp » Vault » Version: 1.14.4

cpe:2.3:a:hashicorp:vault:1.14.4
Hashicorp » Vault » Version: 1.14.6

cpe:2.3:a:hashicorp:vault:1.14.6
Hashicorp » Vault » Version: 1.15.0

cpe:2.3:a:hashicorp:vault:1.15.0
Hashicorp » Vault » Version: 1.15.10

cpe:2.3:a:hashicorp:vault:1.15.10
Hashicorp » Vault » Version: 1.15.11

cpe:2.3:a:hashicorp:vault:1.15.11
Hashicorp » Vault » Version: 1.15.12

cpe:2.3:a:hashicorp:vault:1.15.12
Hashicorp » Vault » Version: 1.15.13

cpe:2.3:a:hashicorp:vault:1.15.13
Hashicorp » Vault » Version: 1.15.14

cpe:2.3:a:hashicorp:vault:1.15.14
Hashicorp » Vault » Version: 1.15.15

cpe:2.3:a:hashicorp:vault:1.15.15
Hashicorp » Vault » Version: 1.15.16

cpe:2.3:a:hashicorp:vault:1.15.16
Hashicorp » Vault » Version: 1.15.2

cpe:2.3:a:hashicorp:vault:1.15.2
Hashicorp » Vault » Version: 1.15.3

cpe:2.3:a:hashicorp:vault:1.15.3
Hashicorp » Vault » Version: 1.15.4

cpe:2.3:a:hashicorp:vault:1.15.4
Hashicorp » Vault » Version: 1.15.5

cpe:2.3:a:hashicorp:vault:1.15.5
Hashicorp » Vault » Version: 1.15.6

cpe:2.3:a:hashicorp:vault:1.15.6
Hashicorp » Vault » Version: 1.15.7

cpe:2.3:a:hashicorp:vault:1.15.7
Hashicorp » Vault » Version: 1.15.8

cpe:2.3:a:hashicorp:vault:1.15.8
Hashicorp » Vault » Version: 1.15.9

cpe:2.3:a:hashicorp:vault:1.15.9
Hashicorp » Vault » Version: 1.16.0

cpe:2.3:a:hashicorp:vault:1.16.0
Hashicorp » Vault » Version: 1.16.1

cpe:2.3:a:hashicorp:vault:1.16.1
Hashicorp » Vault » Version: 1.16.2

cpe:2.3:a:hashicorp:vault:1.16.2
Hashicorp » Vault » Version: 1.16.3

cpe:2.3:a:hashicorp:vault:1.16.3
Hashicorp » Vault » Version: 1.16.4

cpe:2.3:a:hashicorp:vault:1.16.4
Hashicorp » Vault » Version: 1.16.5

cpe:2.3:a:hashicorp:vault:1.16.5
Hashicorp » Vault » Version: 1.16.6

cpe:2.3:a:hashicorp:vault:1.16.6
Hashicorp » Vault » Version: 1.16.7

cpe:2.3:a:hashicorp:vault:1.16.7
Hashicorp » Vault » Version: 1.16.8

cpe:2.3:a:hashicorp:vault:1.16.8
Hashicorp » Vault » Version: 1.17.0

cpe:2.3:a:hashicorp:vault:1.17.0
Hashicorp » Vault » Version: 1.17.1

cpe:2.3:a:hashicorp:vault:1.17.1
Hashicorp » Vault » Version: 1.17.2

cpe:2.3:a:hashicorp:vault:1.17.2
Hashicorp » Vault » Version: 1.17.3

cpe:2.3:a:hashicorp:vault:1.17.3
Hashicorp » Vault » Version: 1.17.4

cpe:2.3:a:hashicorp:vault:1.17.4
Hashicorp » Vault » Version: 1.2.0

cpe:2.3:a:hashicorp:vault:1.2.0
Hashicorp » Vault » Version: 1.2.1

cpe:2.3:a:hashicorp:vault:1.2.1
Hashicorp » Vault » Version: 1.2.2

cpe:2.3:a:hashicorp:vault:1.2.2
Hashicorp » Vault » Version: 1.2.3

cpe:2.3:a:hashicorp:vault:1.2.3
Hashicorp » Vault » Version: 1.2.4

cpe:2.3:a:hashicorp:vault:1.2.4
Hashicorp » Vault » Version: 1.2.5

cpe:2.3:a:hashicorp:vault:1.2.5
Hashicorp » Vault » Version: 1.3.0

cpe:2.3:a:hashicorp:vault:1.3.0
Hashicorp » Vault » Version: 1.3.1

cpe:2.3:a:hashicorp:vault:1.3.1
Hashicorp » Vault » Version: 1.3.2

cpe:2.3:a:hashicorp:vault:1.3.2
Hashicorp » Vault » Version: 1.3.3

cpe:2.3:a:hashicorp:vault:1.3.3
Hashicorp » Vault » Version: 1.3.4

cpe:2.3:a:hashicorp:vault:1.3.4
Hashicorp » Vault » Version: 1.3.5

cpe:2.3:a:hashicorp:vault:1.3.5
Hashicorp » Vault » Version: 1.3.6

cpe:2.3:a:hashicorp:vault:1.3.6
Hashicorp » Vault » Version: 1.3.8

cpe:2.3:a:hashicorp:vault:1.3.8
Hashicorp » Vault » Version: 1.4.0

cpe:2.3:a:hashicorp:vault:1.4.0
Hashicorp » Vault » Version: 1.4.1

cpe:2.3:a:hashicorp:vault:1.4.1
Hashicorp » Vault » Version: 1.4.2

cpe:2.3:a:hashicorp:vault:1.4.2
Hashicorp » Vault » Version: 1.4.3

cpe:2.3:a:hashicorp:vault:1.4.3
Hashicorp » Vault » Version: 1.4.4

cpe:2.3:a:hashicorp:vault:1.4.4
Hashicorp » Vault » Version: 1.4.5

cpe:2.3:a:hashicorp:vault:1.4.5
Hashicorp » Vault » Version: 1.4.5.1

cpe:2.3:a:hashicorp:vault:1.4.5.1
Hashicorp » Vault » Version: 1.4.6

cpe:2.3:a:hashicorp:vault:1.4.6
Hashicorp » Vault » Version: 1.4.7

cpe:2.3:a:hashicorp:vault:1.4.7
Hashicorp » Vault » Version: 1.5.0

cpe:2.3:a:hashicorp:vault:1.5.0
Hashicorp » Vault » Version: 1.5.1

cpe:2.3:a:hashicorp:vault:1.5.1
Hashicorp » Vault » Version: 1.5.2

cpe:2.3:a:hashicorp:vault:1.5.2
Hashicorp » Vault » Version: 1.5.2.1

cpe:2.3:a:hashicorp:vault:1.5.2.1
Hashicorp » Vault » Version: 1.5.3

cpe:2.3:a:hashicorp:vault:1.5.3
Hashicorp » Vault » Version: 1.5.4

cpe:2.3:a:hashicorp:vault:1.5.4
Hashicorp » Vault » Version: 1.5.5

cpe:2.3:a:hashicorp:vault:1.5.5
Hashicorp » Vault » Version: 1.5.6

cpe:2.3:a:hashicorp:vault:1.5.6
Hashicorp » Vault » Version: 1.5.7

cpe:2.3:a:hashicorp:vault:1.5.7
Hashicorp » Vault » Version: 1.5.8

cpe:2.3:a:hashicorp:vault:1.5.8
Hashicorp » Vault » Version: 1.5.9

cpe:2.3:a:hashicorp:vault:1.5.9
Hashicorp » Vault » Version: 1.6.0

cpe:2.3:a:hashicorp:vault:1.6.0
Hashicorp » Vault » Version: 1.6.1

cpe:2.3:a:hashicorp:vault:1.6.1
Hashicorp » Vault » Version: 1.6.2

cpe:2.3:a:hashicorp:vault:1.6.2
Hashicorp » Vault » Version: 1.6.3

cpe:2.3:a:hashicorp:vault:1.6.3
Hashicorp » Vault » Version: 1.6.4

cpe:2.3:a:hashicorp:vault:1.6.4
Hashicorp » Vault » Version: 1.6.5

cpe:2.3:a:hashicorp:vault:1.6.5
Hashicorp » Vault » Version: 1.7.0

cpe:2.3:a:hashicorp:vault:1.7.0
Hashicorp » Vault » Version: 1.7.1

cpe:2.3:a:hashicorp:vault:1.7.1
Hashicorp » Vault » Version: 1.7.10

cpe:2.3:a:hashicorp:vault:1.7.10
Hashicorp » Vault » Version: 1.7.2

cpe:2.3:a:hashicorp:vault:1.7.2
Hashicorp » Vault » Version: 1.7.3

cpe:2.3:a:hashicorp:vault:1.7.3
Hashicorp » Vault » Version: 1.7.4

cpe:2.3:a:hashicorp:vault:1.7.4
Hashicorp » Vault » Version: 1.7.5

cpe:2.3:a:hashicorp:vault:1.7.5
Hashicorp » Vault » Version: 1.7.6

cpe:2.3:a:hashicorp:vault:1.7.6
Hashicorp » Vault » Version: 1.7.7

cpe:2.3:a:hashicorp:vault:1.7.7
Hashicorp » Vault » Version: 1.7.8

cpe:2.3:a:hashicorp:vault:1.7.8
Hashicorp » Vault » Version: 1.7.9

cpe:2.3:a:hashicorp:vault:1.7.9
Hashicorp » Vault » Version: 1.8.0

cpe:2.3:a:hashicorp:vault:1.8.0
Hashicorp » Vault » Version: 1.8.3

cpe:2.3:a:hashicorp:vault:1.8.3
Hashicorp » Vault » Version: 1.8.4

cpe:2.3:a:hashicorp:vault:1.8.4
Hashicorp » Vault » Version: 1.8.6

cpe:2.3:a:hashicorp:vault:1.8.6
Hashicorp » Vault » Version: 1.8.7

cpe:2.3:a:hashicorp:vault:1.8.7
Hashicorp » Vault » Version: 1.8.8

cpe:2.3:a:hashicorp:vault:1.8.8
Hashicorp » Vault » Version: 1.8.9

cpe:2.3:a:hashicorp:vault:1.8.9
Hashicorp » Vault » Version: 1.9.0

cpe:2.3:a:hashicorp:vault:1.9.0
Hashicorp » Vault » Version: 1.9.1

cpe:2.3:a:hashicorp:vault:1.9.1
Hashicorp » Vault » Version: 1.9.10

cpe:2.3:a:hashicorp:vault:1.9.10
Hashicorp » Vault » Version: 1.9.2

cpe:2.3:a:hashicorp:vault:1.9.2
Hashicorp » Vault » Version: 1.9.3

cpe:2.3:a:hashicorp:vault:1.9.3
Hashicorp » Vault » Version: 1.9.4

cpe:2.3:a:hashicorp:vault:1.9.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-8365

Products

Pricing

Contact Us