Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hashicorp vault vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv3
CVE-2023-3774
An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.
Hashicorp Vault 1.12.8
Hashicorp Vault 1.13.4
Hashicorp Vault 1.14.0
9.1
CVSSv3
CVE-2022-36129
HashiCorp Vault Enterprise 1.7.0 up to and including 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data los...
Hashicorp Vault
Hashicorp Vault 1.11.0
5.3
CVSSv3
CVE-2023-3462
HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vu...
Hashicorp Vault 1.14.0
Hashicorp Vault
1 Github repository
4.9
CVSSv3
CVE-2021-45042
In HashiCorp Vault and Vault Enterprise prior to 1.7.7, 1.8.x prior to 1.8.6, and 1.9.x prior to 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storag...
Hashicorp Vault 1.9.0
Hashicorp Vault
6.5
CVSSv3
CVE-2021-43998
HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed i...
Hashicorp Vault
Hashicorp Vault 1.8.4
7.5
CVSSv3
CVE-2021-3282
HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.
Hashicorp Vault 1.6.0
Hashicorp Vault 1.6.1
5.3
CVSSv3
CVE-2021-27668
HashiCorp Vault Enterprise 0.9.2 up to and including 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3.
Hashicorp Vault
7.5
CVSSv3
CVE-2020-7220
HashiCorp Vault Enterprise 0.11.0 up to and including 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2.
Hashicorp Vault
6.8
CVSSv3
CVE-2023-4680
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially d...
Hashicorp Vault
7.5
CVSSv3
CVE-2021-27400
HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1
Hashicorp Vault
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »