CVE-2021-3024 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	Yes
Type	Information disclosure
Description	HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. This is fixed in versions 1.6.2 and 1.5.7.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1368	vault	1.5.5-1	1.5.7-1	Medium	Fixed	FS#69015

References
https://discuss.hashicorp.com/t/hcsec-2021-02-vault-api-endpoint-exposed-internal-ip-address-without-authentication/20334 https://github.com/hashicorp/vault/pull/10579 https://github.com/hashicorp/vault/commit/506265d676da10e2a07f47455e7f5bdb8f45cb3e

References

https://discuss.hashicorp.com/t/hcsec-2021-02-vault-api-endpoint-exposed-internal-ip-address-without-authentication/20334
https://github.com/hashicorp/vault/pull/10579
https://github.com/hashicorp/vault/commit/506265d676da10e2a07f47455e7f5bdb8f45cb3e