HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | github.com/hashicorp/vault | ge | 1.7.0 |
| | github.com/hashicorp/vault | lt | 1.6.6 |
| | github.com/hashicorp/vault | lt | 1.7.4 |

discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166
github.com/hashicorp/vault
github.com/hashicorp/vault/releases/tag/v1.6.6
github.com/hashicorp/vault/releases/tag/v1.7.4
nvd.nist.gov/vuln/detail/CVE-2021-38554
security.gentoo.org/glsa/202207-01