x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-jjxf-26c9-77gm

Advisory GHSA-jjxf-26c9-77gm references a vulnerability in the following Go modules:

Module
github.com/hashicorp/vault

Description: Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9.

References:

Cross references:

github.com/hashicorp/vault appears in 33 other report(s):
- data/reports/GO-2022-0578.yaml (https://github.com/golang/vulndb/issues/578)
- data/reports/GO-2022-0590.yaml (https://github.com/golang/vulndb/issues/590)
- data/reports/GO-2022-0611.yaml (https://github.com/golang/vulndb/issues/611)
- data/reports/GO-2022-0618.yaml (https://github.com/golang/vulndb/issues/618)
- data/reports/GO-2022-0620.yaml (https://github.com/golang/vulndb/issues/620)
- data/reports/GO-2022-0623.yaml (https://github.com/golang/vulndb/issues/623)
- data/reports/GO-2022-0632.yaml (https://github.com/golang/vulndb/issues/632)
- data/reports/GO-2022-0778.yaml (https://github.com/golang/vulndb/issues/778)
- data/reports/GO-2022-0816.yaml (https://github.com/golang/vulndb/issues/816)
- data/reports/GO-2022-0825.yaml (https://github.com/golang/vulndb/issues/825)
- data/reports/GO-2022-1021.yaml (https://github.com/golang/vulndb/issues/1021)
- data/reports/GO-2023-1685.yaml (https://github.com/golang/vulndb/issues/1685)
- data/reports/GO-2023-1708.yaml (https://github.com/golang/vulndb/issues/1708)
- data/reports/GO-2023-1709.yaml (https://github.com/golang/vulndb/issues/1709)
- data/reports/GO-2023-1849.yaml (https://github.com/golang/vulndb/issues/1849)
- data/reports/GO-2023-1897.yaml (https://github.com/golang/vulndb/issues/1897)
- data/reports/GO-2023-1900.yaml (https://github.com/golang/vulndb/issues/1900)
- data/reports/GO-2023-1986.yaml (https://github.com/golang/vulndb/issues/1986)
- data/reports/GO-2023-2063.yaml (https://github.com/golang/vulndb/issues/2063)
- data/reports/GO-2023-2088.yaml (https://github.com/golang/vulndb/issues/2088)
- data/reports/GO-2023-2329.yaml (https://github.com/golang/vulndb/issues/2329)
- data/reports/GO-2023-2399.yaml (https://github.com/golang/vulndb/issues/2399)
- data/reports/GO-2024-2485.yaml (https://github.com/golang/vulndb/issues/2485)
- data/reports/GO-2024-2486.yaml (https://github.com/golang/vulndb/issues/2486)
- data/reports/GO-2024-2488.yaml (https://github.com/golang/vulndb/issues/2488)
- data/reports/GO-2024-2508.yaml (https://github.com/golang/vulndb/issues/2508)
- data/reports/GO-2024-2509.yaml (https://github.com/golang/vulndb/issues/2509)
- data/reports/GO-2024-2511.yaml (https://github.com/golang/vulndb/issues/2511)
- data/reports/GO-2024-2514.yaml (https://github.com/golang/vulndb/issues/2514)
- data/reports/GO-2024-2617.yaml (https://github.com/golang/vulndb/issues/2617)
- data/reports/GO-2024-2690.yaml (https://github.com/golang/vulndb/issues/2690)
- data/reports/GO-2024-2921.yaml (https://github.com/golang/vulndb/issues/2921)
- data/reports/GO-2024-2982.yaml (https://github.com/golang/vulndb/issues/2982)

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/hashicorp/vault
      versions:
        - introduced: 1.17.3
        - fixed: 1.17.5
      vulnerable_at: 1.17.4
summary: Vault Leaks Client Token and Token Accessor in Audit Devices in github.com/hashicorp/vault
cves:
    - CVE-2024-8365
ghsas:
    - GHSA-jjxf-26c9-77gm
references:
    - advisory: https://github.com/advisories/GHSA-jjxf-26c9-77gm
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-8365
    - web: https://discuss.hashicorp.com/t/hcsec-2024-18-vault-leaks-client-token-and-token-accessor-in-audit-devices
source:
    id: GHSA-jjxf-26c9-77gm
    created: 2024-09-03T21:01:29.917801356Z
review_status: UNREVIEWED

golang / vulndb

x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-jjxf-26c9-77gm #3113