User Interface Vulnerability in HashiCorp Vault and Vault Enterprise
CVE-2021-38554

5.3MEDIUM

Key Information:

Vendor

Hashicorp
Status
Vault
Vendor
CVE Published:
13 August 2021

What is CVE-2021-38554?

A vulnerability in the user interface of HashiCorp Vault and Vault Enterprise led to the unintended caching of sensitive user-viewed secrets between sessions in a shared browser environment. This flaw can potentially expose confidential information to unauthorized users leveraging the same browser. The issue has been addressed in Vault versions 1.8.0 and is pending resolution for versions 1.7.4 and 1.6.6.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-...
x_refsource_MISC
https://security.gentoo.org/glsa/202207-01
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.