CVE-2021-38554 — Vulnetix

CVE-2021-38554 PUBLISHED

HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.

EPSS 0.18% · 38.6th percentile

Risk Scores

EPSS Score

0.18%

38.6th percentile

Affected Products

Vendor	Product	Versions
Bitnami	vault	0
Bitnami	vault	0

Timeline

Aug 13, 2021 CVE Published
Aug 14, 2021 EPSS Score
Oct 12, 2021 EPSS Score
Dec 9, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 6, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 5, 2022 EPSS Score
Aug 1, 2022 EPSS Score
Sep 29, 2022 EPSS Score
Nov 26, 2022 EPSS Score
Jan 24, 2023 EPSS Score

References

https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166 url
https://security.gentoo.org/glsa/202207-01 url
https://nvd.nist.gov/vuln/detail/CVE-2021-38554 url

Open in Interactive Console →