CVE-2021-3024 - log back

CVE-2021-3024 edited at 11 Feb 2021 13:00:53
References
https://discuss.hashicorp.com/t/hcsec-2021-02-vault-api-endpoint-exposed-internal-ip-address-without-authentication/20334
https://github.com/hashicorp/vault/pull/10579
- https://github.com/hashicorp/vault/commit/f4db2dddf449845d3a4dfc835d955e29c31c7a23
+ https://github.com/hashicorp/vault/commit/506265d676da10e2a07f47455e7f5bdb8f45cb3e
CVE-2021-3024 edited at 01 Feb 2021 18:25:34
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. This is fixed in versions 1.6.2 and 1.5.7.
References
+ https://discuss.hashicorp.com/t/hcsec-2021-02-vault-api-endpoint-exposed-internal-ip-address-without-authentication/20334
+ https://github.com/hashicorp/vault/pull/10579
+ https://github.com/hashicorp/vault/commit/f4db2dddf449845d3a4dfc835d955e29c31c7a23
CVE-2021-3024 created at 01 Feb 2021 18:20:24
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes