Vulmon
hashicorp vault vulnerabilities and exploits
NA
CVE-2023-3774
An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.
Hashicorp Vault 1.12.8
Hashicorp Vault 1.13.4
Hashicorp Vault 1.14.0
NA
CVE-2022-36129
HashiCorp Vault Enterprise 1.7.0 up to and including 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data los...
Hashicorp Vault
Hashicorp Vault 1.11.0
5.5
CVSSv2
CVE-2021-43998
HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed i...
Hashicorp Vault
Hashicorp Vault 1.8.4
NA
CVE-2023-3462
HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vu...
Hashicorp Vault 1.14.0
Hashicorp Vault
1 Github repository
6.8
CVSSv2
CVE-2021-45042
In HashiCorp Vault and Vault Enterprise prior to 1.7.7, 1.8.x prior to 1.8.6, and 1.9.x prior to 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storag...
Hashicorp Vault 1.9.0
Hashicorp Vault
5
CVSSv2
CVE-2021-3282
HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.
Hashicorp Vault 1.6.0
Hashicorp Vault 1.6.1
2.1
CVSSv2
CVE-2021-38553
HashiCorp Vault and Vault Enterprise 1.4.0 up to and including 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.
Hashicorp Vault
3.5
CVSSv2
CVE-2021-38554
HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.
Hashicorp Vault
NA
CVE-2024-0831
Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`.
Hashicorp Vault
5
CVSSv2
CVE-2022-30689
HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. F...
Hashicorp Vault