Vulnerability Database

296,147

Total vulnerabilities in the database

CVE-2024-2877

Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext.

This vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8.

  • Published: Apr 30, 2024
  • Updated: Aug 9, 2025
  • CVE: CVE-2024-2877
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.5
  • AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

No CWE or OWASP classifications available.

Software From Fixed in
hashicorp / vault 1.15.0 1.15.8