Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hashicorp vault vulnerabilities and exploits
(subscribe to this query)
6.7
CVSSv3
CVE-2023-0620
HashiCorp Vault and Vault Enterprise versions 0.8.0 up to and including 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized ...
Hashicorp Vault
6.5
CVSSv3
CVE-2023-0665
HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate iss...
Hashicorp Vault
4.7
CVSSv3
CVE-2023-25000
HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may redu...
Hashicorp Vault
1 Github repository
6.5
CVSSv3
CVE-2022-36888
A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and previous versions allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys.
Jenkins Hashicorp Vault
6.5
CVSSv3
CVE-2022-23109
Jenkins HashiCorp Vault Plugin 3.7.0 and previous versions does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed.
Jenkins Hashicorp Vault
6.5
CVSSv3
CVE-2022-25186
Jenkins HashiCorp Vault Plugin 3.8.0 and previous versions implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key.
Jenkins Hashicorp Vault
6.5
CVSSv3
CVE-2022-25197
Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and previous versions implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.
Jenkins Hashicorp Vault
7.5
CVSSv3
CVE-2023-33001
Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and previous versions does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
Jenkins Hashicorp Vault
7.5
CVSSv3
CVE-2020-24359
HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0.
Hashicorp Vault-ssh-helper
6.5
CVSSv3
CVE-2020-8567
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/l...
Google Secret Manager Provider For Secret Store Csi Driver
Hashicorp Vault Provider For Secrets Store Csi Driver
Microsoft Azure Key Vault Provider For Secrets Store Csi Driver
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »