Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext.

This vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8.

Related CVEs

CVE-2024-2877

Key Information

GHSA ID

GHSA-vxc5-78f8-rhp4

Published

April 30, 2024 3:30 PM

Last Modified

June 14, 2024 3:31 PM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 6, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.