Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hashicorp vault vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-3774
An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.
Hashicorp Vault 1.12.8
Hashicorp Vault 1.13.4
Hashicorp Vault 1.14.0
NA
CVE-2022-36129
HashiCorp Vault Enterprise 1.7.0 up to and including 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data los...
Hashicorp Vault
Hashicorp Vault 1.11.0
6.8
CVSSv2
CVE-2021-45042
In HashiCorp Vault and Vault Enterprise prior to 1.7.7, 1.8.x prior to 1.8.6, and 1.9.x prior to 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storag...
Hashicorp Vault 1.9.0
Hashicorp Vault
NA
CVE-2023-3462
HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vu...
Hashicorp Vault 1.14.0
Hashicorp Vault
1 Github repository
5.5
CVSSv2
CVE-2021-43998
HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed i...
Hashicorp Vault
Hashicorp Vault 1.8.4
5
CVSSv2
CVE-2021-3282
HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.
Hashicorp Vault 1.6.0
Hashicorp Vault 1.6.1
NA
CVE-2023-5954
HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.
Hashicorp Vault
4.3
CVSSv2
CVE-2020-7220
HashiCorp Vault Enterprise 0.11.0 up to and including 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2.
Hashicorp Vault
7.5
CVSSv2
CVE-2020-12757
HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. This may lead to generated GCP credentials being vali...
Hashicorp Vault
5
CVSSv2
CVE-2020-35177
HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.
Hashicorp Vault
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »