Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vault vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2021-3024
HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.
Hashicorp Vault
NA
CVE-2013-1609
Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHolder services in Symantec Enterprise Vault (EV) for File System Archiving prior to 9.0.4 and 10.x prior to 10.0.1 allow local users to gain privileges via a Trojan horse program.
Symantec Enterprise Vault For File System Archiving
Symantec Enterprise Vault For File System Archiving 10.0.0
2 Github repositories
6.8
CVSSv3
CVE-2021-44033
In Ionic Identity Vault prior to 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed.
Ionic Identity Vault
7.5
CVSSv3
CVE-2023-33001
Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and previous versions does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
Jenkins Hashicorp Vault
6.5
CVSSv3
CVE-2022-25186
Jenkins HashiCorp Vault Plugin 3.8.0 and previous versions implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key.
Jenkins Hashicorp Vault
6.5
CVSSv3
CVE-2022-25197
Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and previous versions implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.
Jenkins Hashicorp Vault
5.9
CVSSv3
CVE-2020-14981
The ThreatTrack VIPRE Password Vault app up to and including 1.100.1090 for iOS has Missing SSL Certificate Validation.
Vipre Password Vault
7.5
CVSSv3
CVE-2022-47581
Isode M-Vault 16.0v0 up to and including 17.x prior to 17.0v24 can crash upon an LDAP v1 bind request.
Isode M-vault
6.5
CVSSv3
CVE-2022-36888
A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and previous versions allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys.
Jenkins Hashicorp Vault
6.5
CVSSv3
CVE-2022-23109
Jenkins HashiCorp Vault Plugin 3.7.0 and previous versions does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed.
Jenkins Hashicorp Vault
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »