Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hashicorp vault vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-5077
The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.
Hashicorp Vault
NA
CVE-2023-2121
Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.
Hashicorp Vault
5
CVSSv2
CVE-2021-3024
HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.
Hashicorp Vault
NA
CVE-2023-33001
Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and previous versions does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
Jenkins Hashicorp Vault
4
CVSSv2
CVE-2022-25186
Jenkins HashiCorp Vault Plugin 3.8.0 and previous versions implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key.
Jenkins Hashicorp Vault
4
CVSSv2
CVE-2022-25197
Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and previous versions implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.
Jenkins Hashicorp Vault
NA
CVE-2022-36888
A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and previous versions allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys.
Jenkins Hashicorp Vault
4
CVSSv2
CVE-2022-23109
Jenkins HashiCorp Vault Plugin 3.7.0 and previous versions does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed.
Jenkins Hashicorp Vault
5
CVSSv2
CVE-2020-24359
HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0.
Hashicorp Vault-ssh-helper
4
CVSSv2
CVE-2020-8567
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/l...
Google Secret Manager Provider For Secret Store Csi Driver
Hashicorp Vault Provider For Secrets Store Csi Driver
Microsoft Azure Key Vault Provider For Secrets Store Csi Driver
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »