{"id":"CVE-2024-2877","details":"Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext.\n\nThis vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8.","aliases":["BIT-vault-2024-2877"],"modified":"2026-03-14T12:28:08.513968Z","published":"2024-04-30T15:15:52.740Z","references":[{"type":"WEB","url":"https://discuss.hashicorp.com/t/hsec-2024-10-vault-enterprise-leaks-sensitive-http-request-headers-in-audit-log-when-deployed-with-a-performance-standby-node"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240614-0002/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hashicorp/vault","events":[{"introduced":"b4d07277a6c5318bb50d3b94bbd6135dccb4c601"},{"fixed":"b70e291d9c6fa3c1ff551bfb1b7e7ca4b41037b9"}],"database_specific":{"versions":[{"introduced":"1.15.0"},{"fixed":"1.15.8"}]}}],"versions":["ent-changelog-1.15.7","sdk/v0.10.2","v1.15.0","v1.15.1","v1.15.2","v1.15.3","v1.15.4","v1.15.5","v1.15.6","v1.15.7+ent"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-2877.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}