HashiCorp Vault
cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*
- >= 0.3.0, <= 1.19.2
- 1.18.8
- 1.17.15
- 1.16.19
A vulnerability exists in the HashiCorp Vault Community and Enterprise editions that utilize the Key/Value (KV) Version 2 plugin. This vulnerability may lead to the unintentional exposure of sensitive information in server and audit logs. The issue arises when users send malformed payloads during the creation or updating of secrets via the Vault REST API. Affected versions include Vault Community 0.3.0 prior to 1.19.2 and Vault Enterprise 0.3.0 prior to 1.19.2, 1.18.8, 1.17.15, 1.16.19.
Exploitation of this vulnerability can result in sensitive data being logged in error logs, which could potentially be accessed by unauthorized individuals.
Users can upgrade to Vault Community 1.19.3 or Vault Enterprise 1.19.3, 1.18.9, 1.17.16, 1.16.20. After upgrading, it is advised to rotate any secrets that may have been exposed in the logs.
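To map a running build onto the version ranges stated above, here is an added example (not HashiCorp code) that decides whether a Vault build still needs the upgrade. It assumes `vault version` prints `Vault v<major>.<minor>.<patch>[+ent] ...` with the `+ent` suffix marking Enterprise, and that Community only has a fixed release on the 1.19 line while Enterprise has branch fixes on 1.16, 1.17 and 1.18.

```python
"""Check a Vault build against the affected/fixed versions in this advisory.

Added example, not HashiCorp code. Assumes `vault version` output looks like
"Vault v1.18.8+ent (<commit>)" and that "+ent" marks an Enterprise build.
"""
import re

# Fixed releases named in the advisory. Enterprise keeps 1.16/1.17/1.18
# branches alive; Community only ships the 1.19 line, so a Community 1.18.x
# has no fixed release on its own branch and must move to 1.19.3.
FIXED_ENTERPRISE = {(1, 16): (1, 16, 20), (1, 17): (1, 17, 16), (1, 18): (1, 18, 9)}
FIXED_LATEST = (1, 19, 3)
FIRST_AFFECTED = (0, 3, 0)

VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(\+ent)?")


def parse_version(text):
    """Return ((major, minor, patch), is_enterprise) from a version string
    or from the output of `vault version`."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no semantic version found in {text!r}")
    version = tuple(int(x) for x in m.group(1, 2, 3))
    return version, m.group(4) is not None


def is_affected(text):
    """True if the build is at or above 0.3.0 and below the fixed release
    for its edition and branch."""
    version, enterprise = parse_version(text)
    if version < FIRST_AFFECTED:
        return False
    fixed = FIXED_LATEST
    if enterprise:
        # Branch-specific fix if one exists, otherwise the 1.19.3 release.
        fixed = FIXED_ENTERPRISE.get(version[:2], FIXED_LATEST)
    return version < fixed


if __name__ == "__main__":
    # Constructed sample outputs, one per interesting boundary.
    for sample in ["Vault v1.19.2", "Vault v1.19.3", "Vault v1.18.8+ent",
                   "Vault v1.18.9+ent", "Vault v1.18.9", "v0.2.9"]:
        print(f"{sample:20} affected={is_affected(sample)}")
```

A build reported as affected should be upgraded and, per the advisory, any secrets written while it was running should be rotated because they may already sit in server or audit logs.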