Filters
Versions
HashiCorp VaultVault Operators in Root Namespace May Elevate Their Privileges
7.2
EPSS
0.05%
First published (updated )
HashiCorp VaultVault Leaks AppRole Client Tokens And Accessor in Audit Log
6.5
EPSS
0.09%
First published (updated )
HashiCorp VaultVault May Expose Sensitive Information When Configuring An Audit Log Device
6.5
First published (updated )
go/github.com/hashicorp/vaultVault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests
7.5
EPSS
0.05%
First published (updated )
HashiCorp VaultVault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption
7.5
EPSS
0.05%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
HashiCorp VaultVault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets
7.6
First published (updated )
HashiCorp VaultVault Enterprise's Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service
4.9
First published (updated )
HashiCorp VaultVault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption
6.8
First published (updated )
HashiCorp VaultVault's LDAP Auth Method Allows for User Enumeration
5.3
First published (updated )
HashiCorp VaultVault Enterprise Namespace Creation May Lead to Denial of Service
4.9
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
HashiCorp VaultVault’s KV Diff Viewer Allowed for HTML Injection
5.4
First published (updated )
HashiCorp VaultVault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM
2.5
First published (updated )
HashiCorp VaultVault PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata
6.5
First published (updated )
HashiCorp VaultVault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations
First published (updated )
HashiCorp VaultVault Vulnerable to SQL Injection When Configuring the Microsoft SQL Database Storage Backend
6.7
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
HashiCorp VaultVault Fails to Verify if the AppRole SecretID Belongs to Role During a Destroy Operation
8.1
First published (updated )
HashiCorp VaultHashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the option…
5.3
First published (updated )
HashiCorp VaultAn issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in th…
9.1
First published (updated )
HashiCorp VaultHashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage…
9.1
First published (updated )
HashiCorp VaultHashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce M…
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
HashiCorp Vault"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under cert…
6.5
First published (updated )
HashiCorp VaultVault Enterprise clusters using the tokenization transform feature can expose the tokenization key t…
6.5
First published (updated )
HashiCorp VaultIn HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, cl…
6.8
First published (updated )
HashiCorp VaultHashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would alway…
6.5
First published (updated )
HashiCorp VaultHashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between …
8.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
HashiCorp VaultHashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to…
5.5
First published (updated )
HashiCorp VaultHashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondar…
5.3
First published (updated )
HashiCorp VaultHashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file ass…
4.4
First published (updated )
HashiCorp VaultHashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between…
5.3
First published (updated )
HashiCorp VaultHashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic …
7.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
HashiCorp VaultHashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets en…
7.5
First published (updated )
HashiCorp VaultHashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revok…
7.5
First published (updated )
HashiCorp VaultHashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when respon…
5.3
First published (updated )
HashiCorp VaultHashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unaut…
5.3
First published (updated )
HashiCorp VaultHashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be execu…
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
HashiCorp VaultHashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processe…
5.3
First published (updated )
HashiCorp VaultThe official vault docker images before 0.11.6 contain a blank password for a root user. System usin…
10
First published (updated )
HashiCorp VaultHashiCorp Vault and Vault Enterprise 1.0 before 1.5.4 have Incorrect Access Control.
9.8
First published (updated )
HashiCorp VaultHashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth…
8.2
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
HashiCorp VaultHashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth…
8.2
First published (updated )
HashiCorp VaultHashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances,…
9.1
First published (updated )
HashiCorp VaultHashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, …
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
HashiCorp VaultHashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic s…
7.5
First published (updated )
HashiCorp VaultHashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfig…
8.1
First published (updated )