advisory-database icon indicating copy to clipboard operation
advisory-database copied to clipboard

Published 20 hours ago verified publisher icon github

[GHSA-4mgv-m5cm-f9h7] Vault GitHub Action did not correctly mask multi-line secrets in output

Open GAEAlimited opened this issue 1 year ago • 1 comments
trafficstars

Updates

  • Affected products

Comments HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows attackers to obtain sensitive information from log files because a multi-line secret was not correctly registered with GitHub Actions for log masking.

GAEAlimited avatar Jun 30 '24 13:06 GAEAlimited

Hi @GAEAlimited, the pull request seems to be missing the changes you want to make. Could you clarify what you are asking for?

JonathanLEvans avatar Jul 01 '24 14:07 JonathanLEvans