CGA-xj43-9w44-6f3g

Published

Last updated

https://images.chainguard.dev/security/CGA-xj43-9w44-6f3g

Package

vault-fips-1.16

Latest Update

Not affected

Aliases

CVE-2021-38554
GHSA-6239-28c2-9mrm

Severity

5.3

Medium

CVSS V3

Summary

Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault

Description

HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-38554
https://github.com/advisories/GHSA-6239-28c2-9mrm
https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166
https://github.com/hashicorp/vault
https://github.com/hashicorp/vault/releases/tag/v1.6.6
https://github.com/hashicorp/vault/releases/tag/v1.7.4
https://security.gentoo.org/glsa/202207-01

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-xj43-9w44-6f3g

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources