Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hashicorp vault vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-30476
HashiCorp Terraform’s Vault Provider (terraform-provider-vault) did not correctly configure GCE-type bound labels for Vault’s GCP auth method. Fixed in 2.19.1.
9.8
CVSSv3
CVE-2020-35192
The official vault docker images prior to 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote malicious user to achieve root access with a blank password.
Hashicorp Vault
9.8
CVSSv3
CVE-2020-12757
HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. This may lead to generated GCP credentials being vali...
Hashicorp Vault
9.1
CVSSv3
CVE-2022-40186
An issue exists in HashiCorp Vault and Vault Enterprise prior to 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue w...
Hashicorp Vault
9.1
CVSSv3
CVE-2022-36129
HashiCorp Vault Enterprise 1.7.0 up to and including 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data los...
Hashicorp Vault
Hashicorp Vault 1.11.0
9.1
CVSSv3
CVE-2021-43837
vault-cli is a configurable command-line interface tool (and python library) to interact with Hashicorp Vault. In versions prior to 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix `!template!`, vault-cli interprets the res...
Vault-cli Project Vault-cli
9.1
CVSSv3
CVE-2020-10661
HashiCorp Vault and Vault Enterprise versions 0.11.0 up to and including 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4.
Hashicorp Vault
8.2
CVSSv3
CVE-2020-16250
HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1..
Hashicorp Vault
1 Github repository
8.2
CVSSv3
CVE-2020-16251
HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.
Hashicorp Vault
8.1
CVSSv3
CVE-2023-24999
HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, ...
Hashicorp Vault
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »