#VU50454 Input validation error in Vault and Vault Enterprise - CVE-2021-3024

 


Published: February 1, 2021 / Updated: February 26, 2021


Vulnerability identifier: #VU50454
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-3024
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Vault, Vault Enterprise
Software vendor: HashiCorp

Description

The vulnerability allows a remote unauthenticated attacker to gain access to sensitive information.

HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests.


Remediation

Install the update from the vendor's website.
