Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault
Moderate severity
GitHub Reviewed
Published
Aug 30, 2021
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Package
Affected versions
< 1.6.6
>= 1.7.0, < 1.7.4
Patched versions
1.6.6
1.7.4
Description
Published by the National Vulnerability Database
Aug 13, 2021
Reviewed
Aug 30, 2021
Published to the GitHub Advisory Database
Aug 30, 2021
Last updated
Jan 27, 2023
HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.
References