Main Vulnerability Database SB2021013007

SB2021013007 - Input validation error in vault (Alpine package)

Published: January 30, 2021

Security Bulletin ID SB2021013007

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2021-3024)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=483d0df06ab993eaacd1ccbb9d1cb9867c3cc3ed
https://git.alpinelinux.org/aports/commit/?id=c984c27896a1fce702e7ff810617a5cd7520bfb8