Filter
Versions
HashiCorp VaultVault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM
2.5
First published (updated )
HashiCorp VaultVault’s KV Diff Viewer Allowed for HTML Injection
5.4
First published (updated )
latest-version-hashicorp-vault-1.18 1.18End of life
First published (updated )
EOL-hashicorp-vault-1.18 1.18End of life
First published (updated )
HashiCorp VaultVault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption
7.5
EPSS
0.05%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
HashiCorp VaultVault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets
7.6
First published (updated )
HashiCorp VaultVault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption
6.8
First published (updated )
HashiCorp VaultIn HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, cl…
6.8
First published (updated )
HashiCorp VaultHashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would alway…
6.5
First published (updated )
HashiCorp VaultHashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between …
8.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
HashiCorp VaultHashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to…
5.5
First published (updated )
HashiCorp VaultVault Operators in Root Namespace May Elevate Their Privileges
7.2
EPSS
0.05%
First published (updated )
HashiCorp VaultVault Enterprise Namespace Creation May Lead to Denial of Service
4.9
First published (updated )
HashiCorp VaultVault's LDAP Auth Method Allows for User Enumeration
5.3
First published (updated )
HashiCorp VaultVault Enterprise's Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service
4.9
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
HashiCorp VaultHashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, …
5.3
First published (updated )
HashiCorp VaultHashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth…
8.2
First published (updated )
HashiCorp VaultHashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances,…
9.1
First published (updated )
HashiCorp VaultVault Leaks AppRole Client Tokens And Accessor in Audit Log
6.5
EPSS
0.09%
First published (updated )
EOL-hashicorp-vault-1.17 1.17Reached end of life
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
latest-version-hashicorp-vault-1.17 1.17Reached end of life
First published (updated )
HashiCorp VaultHashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfig…
8.1
First published (updated )
HashiCorp VaultHashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processe…
5.3
First published (updated )
HashiCorp VaultThe official vault docker images before 0.11.6 contain a blank password for a root user. System usin…
10
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
HashiCorp VaultHashiCorp Vault and Vault Enterprise 1.0 before 1.5.4 have Incorrect Access Control.
9.8
First published (updated )
HashiCorp VaultHashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unaut…
5.3
First published (updated )
HashiCorp VaultHashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth…
8.2
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.