{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T17:52:28.743","vulnerabilities":[{"cve":{"id":"CVE-2024-2877","sourceIdentifier":"security@hashicorp.com","published":"2024-04-30T15:15:52.740","lastModified":"2025-08-08T18:45:12.153","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext.\n\nThis vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8."},{"lang":"es","value":"Vault Enterprise, cuando se configura con nodos en espera de rendimiento y un dispositivo de auditoría configurado, registrará inadvertidamente encabezados de solicitud en el nodo en espera. Es posible que estos registros hayan incluido información confidencial de solicitudes HTTP en texto plano. Esta vulnerabilidad, CVE-2024-2877, se solucionó en Vault Enterprise 1.15.8."}],"metrics":{"cvssMetricV31":[{"source":"security@hashicorp.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.1,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@hashicorp.com","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"1.15.0","versionEndExcluding":"1.15.8","matchCriteriaId":"A319B0B9-ED42-4A7C-B9B0-AF331A632C1B"}]}]}],"references":[{"url":"https://discuss.hashicorp.com/t/hsec-2024-10-vault-enterprise-leaks-sensitive-http-request-headers-in-audit-log-when-deployed-with-a-performance-standby-node","source":"security@hashicorp.com","tags":["Broken Link"]},{"url":"https://security.netapp.com/advisory/ntap-20240614-0002/","source":"security@hashicorp.com","tags":["Third Party Advisory"]},{"url":"https://discuss.hashicorp.com/t/hsec-2024-10-vault-enterprise-leaks-sensitive-http-request-headers-in-audit-log-when-deployed-with-a-performance-standby-node","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"https://security.netapp.com/advisory/ntap-20240614-0002/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}