Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vault vulnerabilities and exploits
(subscribe to this query)
187
VMScore
CVE-2021-38553
HashiCorp Vault and Vault Enterprise 1.4.0 up to and including 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.
Hashicorp Vault
445
VMScore
CVE-2021-27668
HashiCorp Vault Enterprise 0.9.2 up to and including 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3.
Hashicorp Vault
NA
CVE-2023-25000
HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may redu...
Hashicorp Vault
1 Github repository
NA
CVE-2022-41316
HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1....
Hashicorp Vault
516
VMScore
CVE-2020-10661
HashiCorp Vault and Vault Enterprise versions 0.11.0 up to and including 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4.
Hashicorp Vault
383
VMScore
CVE-2018-19786
HashiCorp Vault prior to 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported.
Hashicorp Vault
383
VMScore
CVE-2020-10660
HashiCorp Vault and Vault Enterprise versions 0.9.0 up to and including 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4.
Hashicorp Vault
445
VMScore
CVE-2022-30689
HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. F...
Hashicorp Vault
NA
CVE-2023-6337
HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the e...
Hashicorp Vault
1 Github repository
NA
CVE-2023-3775
A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, ...
Hashicorp Vault
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »