Information disclosure in Vault

#VU28461 Information disclosure in Vault

Published: 2020-06-01

Vulnerability identifier: #VU28461

Vulnerability risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13223

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Vault
Web applications / Modules and components for CMS

Vendor: HashiCorp

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to the proxy environment variables such as URLs are logged by default and including usernames and passwords. A remote administrator can gain unauthorized access to sensitive information on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Vault: 1.3.0 - 1.3.5, 1.4.0 - 1.4.1

External links
http://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMHASHICORPVAULTCOMMAND-570191
http://github.com/hashicorp/vault/commit/87f47c216cf1a28f4054b80cff40de8c9e00e36c
http://github.com/hashicorp/vault/commit/e52f34772affb69f3239b2cdf6523cb7cfd67a92

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Information disclosure in vault (Alpine package)

Information disclosure in HashiCorp Vault