CVE-2021-32074

Severity CVSS v4.0:
Pending analysis
Type:
CWE-532 Information Exposure Through Log Files
Publication date:
07/05/2021
Last modified:
14/05/2021

Description

HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows attackers to obtain sensitive information from log files because a multi-line secret was not correctly registered with GitHub Actions for log masking.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:hashicorp:vault-action:*:*:*:*:*:*:*:* 0.1.0 (including) 2.2.0 (excluding)