Lucene search
GoogleOSV:GHSA-6239-28C2-9MRMHistoryAug 30, 2021 - 5:22 p.m.
Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault
2021-08-3017:22:38
Google
osv.dev
6
0.001 Low
EPSS
Percentile
28.4%
HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/hashicorp/vault | ge | 1.7.0 | |
| github.com/hashicorp/vault | lt | 1.6.6 | |
| github.com/hashicorp/vault | lt | 1.7.4 |
References
discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166
github.com/hashicorp/vault
github.com/hashicorp/vault/releases/tag/v1.6.6
github.com/hashicorp/vault/releases/tag/v1.7.4
nvd.nist.gov/vuln/detail/CVE-2021-38554
security.gentoo.org/glsa/202207-01
Related
alpinelinux
alpinelinux
CVE-2021-38554
2021-08-13 16:15:08
osv
osv
CVE-2021-38554
2021-08-13 16:15:08
BIT-vault-2021-38554
2024-03-06 11:10:38
redhatcve
redhatcve
CVE-2021-38554
2021-08-18 16:32:45
cvelist
cvelist
CVE-2021-38554
2021-08-13 15:45:50
nvd
nvd
CVE-2021-38554
2021-08-13 16:15:08
cve
cve
CVE-2021-38554
2021-08-13 16:15:08
github
github
prion
prion
Denial of service
2021-08-13 16:15:00
cgr
cgr
CVE-2021-38554 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2021-38554 vulnerabilities
2024-07-05 21:08:40
gentoo
gentoo
HashiCorp Vault: Multiple Vulnerabilities
2022-07-29 00:00:00
nessus
nessus
GLSA-202207-01 : HashiCorp Vault: Multiple Vulnerabilities
2022-08-02 00:00:00