{
  "threat_severity" : "Moderate",
  "public_date" : "2020-05-21T00:00:00Z",
  "bugzilla" : {
    "description" : "vault: Information disclosure from logged proxy environment variables",
    "id" : "2167397",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2167397"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
    "status" : "draft"
  },
  "cwe" : "CWE-200",
  "details" : [ "HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2.", "A flaw was found in the HashiCorp Vault. The HashiCorp Vault and Vault Enterprise could allow a remote attacker to obtain sensitive information caused by inserting sensitive information into a log file. By accessing the log file, a remote attacker can obtain sensitive information." ],
  "package_state" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Not affected",
    "package_name" : "openshift4/ose-installer",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat Openshift Container Storage 4",
    "fix_state" : "Not affected",
    "package_name" : "ocs4/cephcsi-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_container_storage:4"
  }, {
    "product_name" : "Red Hat Openshift Container Storage 4",
    "fix_state" : "Not affected",
    "package_name" : "ocs4/mcg-rhel8-operator",
    "cpe" : "cpe:/a:redhat:openshift_container_storage:4"
  }, {
    "product_name" : "Red Hat Openshift Container Storage 4",
    "fix_state" : "Not affected",
    "package_name" : "ocs4/ocs-rhel8-operator",
    "cpe" : "cpe:/a:redhat:openshift_container_storage:4"
  }, {
    "product_name" : "Red Hat Openshift Container Storage 4",
    "fix_state" : "Not affected",
    "package_name" : "ocs4/rook-ceph-rhel8-operator",
    "cpe" : "cpe:/a:redhat:openshift_container_storage:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Not affected",
    "package_name" : "odf4/cephcsi-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Not affected",
    "package_name" : "odf4/mcg-rhel8-operator",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Not affected",
    "package_name" : "odf4/ocs-rhel8-operator",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Not affected",
    "package_name" : "odf4/odf-multicluster-rhel9-operator",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Not affected",
    "package_name" : "odf4/odf-rhel8-operator",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Not affected",
    "package_name" : "odf4/odr-rhel8-operator",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Not affected",
    "package_name" : "odf4/rook-ceph-rhel8-operator",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-13223\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13223" ],
  "name" : "CVE-2020-13223",
  "csaw" : false
}