Vulnerabilites related to HashiCorp - Vault
cve-2023-3774
Vulnerability from cvelistv5
Published
2023-07-28 00:45
Modified
2024-10-22 18:22
Severity ?
EPSS score ?
Summary
An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HashiCorp | Vault Enterprise |
Version: 1.14.0 Version: 1.13.4 Version: 1.12.8 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:49.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-23-vault-enterprise-namespace-creation-may-lead-to-denial-of-service/56617"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3774",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T18:22:20.353490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T18:22:38.101Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Vault Enterprise",
"vendor": "HashiCorp",
"versions": [
{
"status": "affected",
"version": "1.14.0"
},
{
"status": "affected",
"version": "1.13.4"
},
{
"status": "affected",
"version": "1.12.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn unhandled error in Vault Enterprise\u0027s namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.\u003c/p\u003e\u003cbr/\u003e"
}
],
"value": "An unhandled error in Vault Enterprise\u0027s namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469: HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T21:45:44.680Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-23-vault-enterprise-namespace-creation-may-lead-to-denial-of-service/56617"
}
],
"source": {
"advisory": "HCSEC-2023-23",
"discovery": "INTERNAL"
},
"title": "Vault Enterprise Namespace Creation May Lead to Denial of Service"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2023-3774",
"datePublished": "2023-07-28T00:45:04.379Z",
"dateReserved": "2023-07-19T14:24:44.833Z",
"dateUpdated": "2024-10-22T18:22:38.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-7220
Vulnerability from cvelistv5
Published
2020-01-23 17:41
Modified
2024-08-04 09:25
Severity ?
EPSS score ?
Summary
HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.hashicorp.com/blog/category/vault/ | x_refsource_MISC | |
| https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:47.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-23T17:41:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-7220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.hashicorp.com/blog/category/vault/",
"refsource": "MISC",
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020",
"refsource": "CONFIRM",
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-7220",
"datePublished": "2020-01-23T17:41:28",
"dateReserved": "2020-01-17T00:00:00",
"dateUpdated": "2024-08-04T09:25:47.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-0665
Vulnerability from cvelistv5
Published
2023-03-30 00:21
Modified
2025-02-13 16:39
Severity ?
EPSS score ?
Summary
HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.13.0 ≤ Version: 1.12.0 ≤ Version: 1.11.0 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:50.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230526-0008/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0665",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T15:00:11.247720Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:00:17.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM",
"64 bit",
"32 bit"
],
"product": "Vault",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "1.13.1",
"status": "affected",
"version": "1.13.0",
"versionType": "semver"
},
{
"lessThan": "1.12.5",
"status": "affected",
"version": "1.12.0",
"versionType": "semver"
},
{
"lessThan": "1.11.9",
"status": "affected",
"version": "1.11.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM",
"64 bit",
"32 bit"
],
"product": "Vault Enterprise",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "1.13.1",
"status": "affected",
"version": "1.13.0",
"versionType": "semver"
},
{
"lessThan": "1.12.5",
"status": "affected",
"version": "1.12.0",
"versionType": "semver"
},
{
"lessThan": "1.11.9",
"status": "affected",
"version": "1.11.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HashiCorp Vault\u0027s PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.."
}
],
"value": "HashiCorp Vault\u0027s PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-26T19:06:23.683Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230526-0008/"
}
],
"source": {
"advisory": "HCSEC-2023-11",
"discovery": "INTERNAL"
},
"title": "Vault PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2023-0665",
"datePublished": "2023-03-30T00:21:47.676Z",
"dateReserved": "2023-02-03T21:24:59.629Z",
"dateUpdated": "2025-02-13T16:39:04.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2121
Vulnerability from cvelistv5
Published
2023-06-09 16:59
Modified
2025-01-06 18:15
Severity ?
EPSS score ?
Summary
Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.13.0 ≤ Version: 1.12.0 ≤ Version: 1.11.0 ≤ Version: 1.10.0 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:20.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-17-vault-s-kv-diff-viewer-allowed-html-injection/54814"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2121",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-06T18:14:31.031750Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T18:15:00.958Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM",
"64 bit",
"32 bit"
],
"product": "Vault",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "1.13.3",
"status": "affected",
"version": "1.13.0",
"versionType": "semver"
},
{
"lessThan": "1.12.7",
"status": "affected",
"version": "1.12.0",
"versionType": "semver"
},
{
"lessThan": "1.11.11",
"status": "affected",
"version": "1.11.0",
"versionType": "semver"
},
{
"lessThan": "1.11.0",
"status": "affected",
"version": "1.10.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM",
"64 bit",
"32 bit"
],
"product": "Vault Enterprise",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "1.13.3",
"status": "affected",
"version": "1.13.0",
"versionType": "semver"
},
{
"lessThan": "1.12.7",
"status": "affected",
"version": "1.12.0",
"versionType": "semver"
},
{
"lessThan": "1.11.11",
"status": "affected",
"version": "1.11.0",
"versionType": "semver"
},
{
"lessThan": "1.11.0",
"status": "affected",
"version": "1.10.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vault and Vault Enterprise\u0027s (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11."
}
],
"value": "Vault and Vault Enterprise\u0027s (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-09T16:59:49.065Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-17-vault-s-kv-diff-viewer-allowed-html-injection/54814"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Vault\u2019s KV Diff Viewer Allowed for HTML Injection"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2023-2121",
"datePublished": "2023-06-09T16:59:49.065Z",
"dateReserved": "2023-04-17T14:51:51.916Z",
"dateUpdated": "2025-01-06T18:15:00.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6337
Vulnerability from cvelistv5
Published
2023-12-08 21:12
Modified
2025-02-13 17:26
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.
Fixed in Vault 1.15.4, 1.14.8, 1.13.12.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.12.0 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240112-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM",
"64 bit",
"32 bit"
],
"product": "Vault",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"changes": [
{
"at": "1.14.8",
"status": "unaffected"
},
{
"at": "1.13.2",
"status": "unaffected"
}
],
"lessThan": "1.15.4",
"status": "affected",
"version": "1.12.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM",
"64 bit",
"32 bit"
],
"product": "Vault Enterprise",
"vendor": "HashiCorp",
"versions": [
{
"changes": [
{
"at": "1.14.8",
"status": "unaffected"
},
{
"at": "1.13.2",
"status": "unaffected"
}
],
"lessThan": "1.15.4",
"status": "affected",
"version": "1.12.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eHashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.\u003cbr\u003e\u003cbr\u003eFixed in\u0026nbsp;\u003cspan style=\"background-color: transparent;\"\u003eVault 1.15.4, 1.14.8, 1.13.12.\u003c/span\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.\n\nFixed in\u00a0Vault 1.15.4, 1.14.8, 1.13.12."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-12T14:06:26.047Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240112-0006/"
}
],
"source": {
"advisory": "HCSEC-2023-34",
"discovery": "USER"
},
"title": "Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2023-6337",
"datePublished": "2023-12-08T21:12:31.712Z",
"dateReserved": "2023-11-27T18:55:16.606Z",
"dateUpdated": "2025-02-13T17:26:18.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4680
Vulnerability from cvelistv5
Published
2023-09-14 23:06
Modified
2024-09-26 17:38
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.14.0 ≤ Version: 1.13.0 ≤ Version: 1.12.0 ≤ Version: 1.6.0 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-28-vault-s-transit-secrets-engine-allowed-nonce-specified-without-convergent-encryption/58249"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vault",
"vendor": "hashicorp",
"versions": [
{
"lessThan": "1.14.3",
"status": "affected",
"version": "1.14.0",
"versionType": "custom"
},
{
"lessThan": "1.13.7",
"status": "affected",
"version": "1.13.0",
"versionType": "custom"
},
{
"lessThan": "1.12.11",
"status": "affected",
"version": "1.12.0",
"versionType": "custom"
},
{
"lessThan": "1.12.0",
"status": "affected",
"version": "1.6.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:hashicorp:vault_enterprise:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vault_enterprise",
"vendor": "hashicorp",
"versions": [
{
"lessThan": "1.14.3",
"status": "affected",
"version": "1.14.0",
"versionType": "custom"
},
{
"lessThan": "1.13.7",
"status": "affected",
"version": "1.13.0",
"versionType": "custom"
},
{
"lessThan": "1.12.11",
"status": "affected",
"version": "1.12.0",
"versionType": "custom"
},
{
"lessThan": "1.12.0",
"status": "affected",
"version": "1.6.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T19:52:32.242060Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T19:58:36.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Vault",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "1.14.3",
"status": "affected",
"version": "1.14.0",
"versionType": "semver"
},
{
"lessThan": "1.13.7",
"status": "affected",
"version": "1.13.0",
"versionType": "semver"
},
{
"lessThan": "1.12.11",
"status": "affected",
"version": "1.12.0",
"versionType": "semver"
},
{
"lessThan": "1.12.0",
"status": "affected",
"version": "1.6.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Vault Enterprise",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "1.14.3",
"status": "affected",
"version": "1.14.0",
"versionType": "semver"
},
{
"lessThan": "1.13.7",
"status": "affected",
"version": "1.13.0",
"versionType": "semver"
},
{
"lessThan": "1.12.11",
"status": "affected",
"version": "1.12.0",
"versionType": "semver"
},
{
"lessThan": "1.12.0",
"status": "affected",
"version": "1.6.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.\u003c/p\u003e\u003cbr/\u003e"
}
],
"value": "HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11."
}
],
"impacts": [
{
"capecId": "CAPEC-220",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-220: Cryptanalysis"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-323",
"description": "CWE-323: Reusing a Nonce, Key Pair in Encryption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T17:38:48.629Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-28-vault-s-transit-secrets-engine-allowed-nonce-specified-without-convergent-encryption/58249"
}
],
"source": {
"advisory": "HCSEC-2023-28",
"discovery": "EXTERNAL"
},
"title": "Vault\u0027s Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2023-4680",
"datePublished": "2023-09-14T23:06:24.546Z",
"dateReserved": "2023-08-31T15:50:09.764Z",
"dateUpdated": "2024-09-26T17:38:48.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35192
Vulnerability from cvelistv5
Published
2020-12-17 01:33
Modified
2024-08-04 17:02
Severity ?
EPSS score ?
Summary
The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/koharin/koharin2/blob/main/CVE-2020-35192 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:06.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35192"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T01:33:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35192"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35192",
"refsource": "MISC",
"url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35192"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35192",
"datePublished": "2020-12-17T01:33:02",
"dateReserved": "2020-12-12T00:00:00",
"dateUpdated": "2024-08-04T17:02:06.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-16250
Vulnerability from cvelistv5
Published
2020-08-26 14:17
Modified
2024-08-04 13:37
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1..
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.hashicorp.com/blog/category/vault/ | x_refsource_MISC | |
| https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-06T18:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.hashicorp.com/blog/category/vault/",
"refsource": "MISC",
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151",
"refsource": "MISC",
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151"
},
{
"name": "http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-16250",
"datePublished": "2020-08-26T14:17:44",
"dateReserved": "2020-07-31T00:00:00",
"dateUpdated": "2024-08-04T13:37:54.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-42135
Vulnerability from cvelistv5
Published
2021-10-11 02:52
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-28-vaults-google-cloud-secrets-engine-policies-with-globs-may-provide-additional-privileges-in-vault-1-8-0-onwards/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-11T02:52:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-28-vaults-google-cloud-secrets-engine-policies-with-globs-may-provide-additional-privileges-in-vault-1-8-0-onwards/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.hashicorp.com/t/hcsec-2021-28-vaults-google-cloud-secrets-engine-policies-with-globs-may-provide-additional-privileges-in-vault-1-8-0-onwards/",
"refsource": "MISC",
"url": "https://discuss.hashicorp.com/t/hcsec-2021-28-vaults-google-cloud-secrets-engine-policies-with-globs-may-provide-additional-privileges-in-vault-1-8-0-onwards/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42135",
"datePublished": "2021-10-11T02:52:59",
"dateReserved": "2021-10-11T00:00:00",
"dateUpdated": "2024-08-04T03:30:38.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3024
Vulnerability from cvelistv5
Published
2021-02-01 15:45
Modified
2024-08-03 16:45
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.
References
| ▼ | URL | Tags |
|---|---|---|
| https://discuss.hashicorp.com/t/hcsec-2021-02-vault-api-endpoint-exposed-internal-ip-address-without-authentication/20334 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:45:50.722Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-02-vault-api-endpoint-exposed-internal-ip-address-without-authentication/20334"
},
{
"name": "GLSA-202207-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 \u0026 1.5.7."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T20:09:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-02-vault-api-endpoint-exposed-internal-ip-address-without-authentication/20334"
},
{
"name": "GLSA-202207-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-3024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 \u0026 1.5.7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.hashicorp.com/t/hcsec-2021-02-vault-api-endpoint-exposed-internal-ip-address-without-authentication/20334",
"refsource": "MISC",
"url": "https://discuss.hashicorp.com/t/hcsec-2021-02-vault-api-endpoint-exposed-internal-ip-address-without-authentication/20334"
},
{
"name": "GLSA-202207-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202207-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-3024",
"datePublished": "2021-02-01T15:45:23",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T16:45:50.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-25243
Vulnerability from cvelistv5
Published
2022-03-07 21:45
Modified
2024-08-03 04:36
Severity ?
EPSS score ?
Summary
"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4.
References
| ▼ | URL | Tags |
|---|---|---|
| https://discuss.hashicorp.com | x_refsource_MISC | |
| https://discuss.hashicorp.com/t/hcsec-2022-09-vault-pki-secrets-engine-policy-results-in-incorrect-wildcard-certificate-issuance/36600 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.hashicorp.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2022-09-vault-pki-secrets-engine-policy-results-in-incorrect-wildcard-certificate-issuance/36600"
},
{
"name": "GLSA-202207-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "\"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T20:09:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.hashicorp.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2022-09-vault-pki-secrets-engine-policy-results-in-incorrect-wildcard-certificate-issuance/36600"
},
{
"name": "GLSA-202207-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.hashicorp.com",
"refsource": "MISC",
"url": "https://discuss.hashicorp.com"
},
{
"name": "https://discuss.hashicorp.com/t/hcsec-2022-09-vault-pki-secrets-engine-policy-results-in-incorrect-wildcard-certificate-issuance/36600",
"refsource": "MISC",
"url": "https://discuss.hashicorp.com/t/hcsec-2022-09-vault-pki-secrets-engine-policy-results-in-incorrect-wildcard-certificate-issuance/36600"
},
{
"name": "GLSA-202207-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202207-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25243",
"datePublished": "2022-03-07T21:45:16",
"dateReserved": "2022-02-16T00:00:00",
"dateUpdated": "2024-08-03T04:36:06.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-45042
Vulnerability from cvelistv5
Published
2021-12-17 13:38
Modified
2024-08-04 04:32
Severity ?
EPSS score ?
Summary
In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.hashicorp.com/blog/category/vault | x_refsource_MISC | |
| https://discuss.hashicorp.com/t/hcsec2-21-33-vault-s-kv-secrets-engine-with-integrated-storage-exposed-to-authenticated-denial-of-service/33157 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:13.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.hashicorp.com/blog/category/vault"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec2-21-33-vault-s-kv-secrets-engine-with-integrated-storage-exposed-to-authenticated-denial-of-service/33157"
},
{
"name": "GLSA-202207-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T20:07:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.hashicorp.com/blog/category/vault"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.hashicorp.com/t/hcsec2-21-33-vault-s-kv-secrets-engine-with-integrated-storage-exposed-to-authenticated-denial-of-service/33157"
},
{
"name": "GLSA-202207-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.hashicorp.com/blog/category/vault",
"refsource": "MISC",
"url": "https://www.hashicorp.com/blog/category/vault"
},
{
"name": "https://discuss.hashicorp.com/t/hcsec2-21-33-vault-s-kv-secrets-engine-with-integrated-storage-exposed-to-authenticated-denial-of-service/33157",
"refsource": "MISC",
"url": "https://discuss.hashicorp.com/t/hcsec2-21-33-vault-s-kv-secrets-engine-with-integrated-storage-exposed-to-authenticated-denial-of-service/33157"
},
{
"name": "GLSA-202207-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202207-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45042",
"datePublished": "2021-12-17T13:38:51",
"dateReserved": "2021-12-13T00:00:00",
"dateUpdated": "2024-08-04T04:32:13.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-41316
Vulnerability from cvelistv5
Published
2022-10-12 00:00
Modified
2024-08-03 12:42
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:42:44.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2022-24-vaults-tls-cert-auth-method-only-loaded-crl-after-first-request/45483"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221201-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise\u2019s TLS certificate auth method did not initially load the optionally configured CRL issued by the role\u0027s CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-02T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://discuss.hashicorp.com"
},
{
"url": "https://discuss.hashicorp.com/t/hcsec-2022-24-vaults-tls-cert-auth-method-only-loaded-crl-after-first-request/45483"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221201-0001/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-41316",
"datePublished": "2022-10-12T00:00:00",
"dateReserved": "2022-09-23T00:00:00",
"dateUpdated": "2024-08-03T12:42:44.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2197
Vulnerability from cvelistv5
Published
2023-05-01 19:41
Modified
2025-02-13 16:40
Severity ?
EPSS score ?
Summary
HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault’s root key. Fixed in 1.13.2
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HashiCorp | Vault Enterprise |
Version: 1.13.0 ≤ 1.13.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:20.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-14-vault-enterprise-vulnerable-to-padding-oracle-attacks-when-using-a-cbc-based-encryption-mechanism-with-a-hsm/53322"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230609-0007/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-2197",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T15:18:23.974609Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326 Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T15:20:35.099Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux",
"x86",
"64 bit",
"32 bit"
],
"product": "Vault Enterprise",
"vendor": "HashiCorp",
"versions": [
{
"lessThanOrEqual": "1.13.1",
"status": "affected",
"version": "1.13.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the\u0026nbsp;CKM_AES_CBC_PAD or\u0026nbsp;CKM_AES_CBC encryption mechanisms.\u0026nbsp;An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault\u2019s root key. Fixed in 1.13.2"
}
],
"value": "HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the\u00a0CKM_AES_CBC_PAD or\u00a0CKM_AES_CBC encryption mechanisms.\u00a0An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault\u2019s root key. Fixed in 1.13.2"
}
],
"impacts": [
{
"capecId": "CAPEC-463",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-463 Padding Oracle Crypto Attack"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326 Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-09T07:06:37.124Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-14-vault-enterprise-vulnerable-to-padding-oracle-attacks-when-using-a-cbc-based-encryption-mechanism-with-a-hsm/53322"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230609-0007/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2023-2197",
"datePublished": "2023-05-01T19:41:17.600Z",
"dateReserved": "2023-04-20T19:03:10.324Z",
"dateUpdated": "2025-02-13T16:40:36.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-16251
Vulnerability from cvelistv5
Published
2020-08-26 14:19
Modified
2024-08-04 13:37
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.hashicorp.com/blog/category/vault/ | x_refsource_MISC | |
| https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-06T18:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.hashicorp.com/blog/category/vault/",
"refsource": "MISC",
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151",
"refsource": "MISC",
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151"
},
{
"name": "http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-16251",
"datePublished": "2020-08-26T14:19:55",
"dateReserved": "2020-07-31T00:00:00",
"dateUpdated": "2024-08-04T13:37:54.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10660
Vulnerability from cvelistv5
Published
2020-03-23 12:55
Modified
2024-08-04 11:06
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.hashicorp.com/blog/category/vault/ | x_refsource_MISC | |
| https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:10.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity\u0027s Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-23T12:55:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity\u0027s Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.hashicorp.com/blog/category/vault/",
"refsource": "MISC",
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020",
"refsource": "CONFIRM",
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10660",
"datePublished": "2020-03-23T12:55:42",
"dateReserved": "2020-03-18T00:00:00",
"dateUpdated": "2024-08-04T11:06:10.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-29653
Vulnerability from cvelistv5
Published
2021-04-22 16:41
Modified
2024-08-03 22:11
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:06.264Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-09-vault-s-pki-engine-crl-may-exclude-revoked-but-unexpired-certificates-after-tidy/23461/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T16:41:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-09-vault-s-pki-engine-crl-may-exclude-revoked-but-unexpired-certificates-after-tidy/23461/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-29653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.hashicorp.com/t/hcsec-2021-09-vault-s-pki-engine-crl-may-exclude-revoked-but-unexpired-certificates-after-tidy/23461/2",
"refsource": "CONFIRM",
"url": "https://discuss.hashicorp.com/t/hcsec-2021-09-vault-s-pki-engine-crl-may-exclude-revoked-but-unexpired-certificates-after-tidy/23461/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-29653",
"datePublished": "2021-04-22T16:41:46",
"dateReserved": "2021-03-31T00:00:00",
"dateUpdated": "2024-08-03T22:11:06.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25000
Vulnerability from cvelistv5
Published
2023-03-30 00:17
Modified
2025-02-13 16:44
Severity ?
EPSS score ?
Summary
HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.13.0 ≤ Version: 1.12.0 ≤ Version: 1.11.0 ≤ Version: 0 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:11:43.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230526-0008/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25000",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T15:02:13.804694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:02:17.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM",
"64 bit",
"32 bit"
],
"product": "Vault",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "1.13.1",
"status": "affected",
"version": "1.13.0",
"versionType": "semver"
},
{
"lessThan": "1.12.5",
"status": "affected",
"version": "1.12.0",
"versionType": "semver"
},
{
"lessThan": "1.11.9",
"status": "affected",
"version": "1.11.0",
"versionType": "semver"
},
{
"lessThan": "1.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM",
"64 bit",
"32 bit"
],
"product": "Vault Enterprise",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "1.13.1",
"status": "affected",
"version": "1.13.0",
"versionType": "semver"
},
{
"lessThan": "1.12.5",
"status": "affected",
"version": "1.12.0",
"versionType": "semver"
},
{
"lessThan": "1.11.9",
"status": "affected",
"version": "1.11.0",
"versionType": "semver"
},
{
"lessThan": "1.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Giuseppe Cocomazzi"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HashiCorp Vault\u0027s implementation of Shamir\u0027s secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9."
}
],
"value": "HashiCorp Vault\u0027s implementation of Shamir\u0027s secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9."
}
],
"impacts": [
{
"capecId": "CAPEC-204",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-204 Lifting Sensitive Data Embedded in Cache"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208 Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-26T19:06:26.655Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230526-0008/"
}
],
"source": {
"advisory": "HCSEC-2023-10",
"discovery": "EXTERNAL"
},
"title": "Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2023-25000",
"datePublished": "2023-03-30T00:17:46.230Z",
"dateReserved": "2023-02-01T17:54:13.893Z",
"dateUpdated": "2025-02-13T16:44:28.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-43998
Vulnerability from cvelistv5
Published
2021-11-30 14:59
Modified
2024-08-04 04:10
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132"
},
{
"name": "GLSA-202207-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T20:09:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132"
},
{
"name": "GLSA-202207-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-43998",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132",
"refsource": "MISC",
"url": "https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132"
},
{
"name": "GLSA-202207-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202207-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-43998",
"datePublished": "2021-11-30T14:59:08",
"dateReserved": "2021-11-17T00:00:00",
"dateUpdated": "2024-08-04T04:10:17.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36129
Vulnerability from cvelistv5
Published
2022-07-26 22:21
Modified
2024-08-03 10:00
Severity ?
EPSS score ?
Summary
HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. Fixed in Vault Enterprise 1.9.8, 1.10.5, and 1.11.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://discuss.hashicorp.com | x_refsource_MISC | |
| https://discuss.hashicorp.com/t/hcsec-2022-15-vault-enterprise-does-not-verify-existing-voter-status-when-joining-an-integrated-storage-ha-node/42420 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220901-0011/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:01.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.hashicorp.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2022-15-vault-enterprise-does-not-verify-existing-voter-status-when-joining-an-integrated-storage-ha-node/42420"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220901-0011/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. Fixed in Vault Enterprise 1.9.8, 1.10.5, and 1.11.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-01T13:06:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.hashicorp.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2022-15-vault-enterprise-does-not-verify-existing-voter-status-when-joining-an-integrated-storage-ha-node/42420"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220901-0011/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. Fixed in Vault Enterprise 1.9.8, 1.10.5, and 1.11.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.hashicorp.com",
"refsource": "MISC",
"url": "https://discuss.hashicorp.com"
},
{
"name": "https://discuss.hashicorp.com/t/hcsec-2022-15-vault-enterprise-does-not-verify-existing-voter-status-when-joining-an-integrated-storage-ha-node/42420",
"refsource": "MISC",
"url": "https://discuss.hashicorp.com/t/hcsec-2022-15-vault-enterprise-does-not-verify-existing-voter-status-when-joining-an-integrated-storage-ha-node/42420"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220901-0011/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220901-0011/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36129",
"datePublished": "2022-07-26T22:21:51",
"dateReserved": "2022-07-18T00:00:00",
"dateUpdated": "2024-08-03T10:00:01.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35453
Vulnerability from cvelistv5
Published
2020-12-17 04:22
Modified
2024-08-04 17:02
Severity ?
EPSS score ?
Summary
HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:07.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2020-24-vault-enterprise-s-sentinel-egp-policies-may-impact-parent-or-sibling-namespaces/18983"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault Enterprise\u2019s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T04:22:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2020-24-vault-enterprise-s-sentinel-egp-policies-may-impact-parent-or-sibling-namespaces/18983"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HashiCorp Vault Enterprise\u2019s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161",
"refsource": "CONFIRM",
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161"
},
{
"name": "https://discuss.hashicorp.com/t/hcsec-2020-24-vault-enterprise-s-sentinel-egp-policies-may-impact-parent-or-sibling-namespaces/18983",
"refsource": "CONFIRM",
"url": "https://discuss.hashicorp.com/t/hcsec-2020-24-vault-enterprise-s-sentinel-egp-policies-may-impact-parent-or-sibling-namespaces/18983"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35453",
"datePublished": "2020-12-17T04:22:34",
"dateReserved": "2020-12-14T00:00:00",
"dateUpdated": "2024-08-04T17:02:07.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-12757
Vulnerability from cvelistv5
Published
2020-06-10 18:46
Modified
2024-08-04 12:04
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. This may lead to generated GCP credentials being valid for longer than intended. Fixed in 1.4.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.hashicorp.com/blog/category/vault/ | x_refsource_CONFIRM | |
| https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:22.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. This may lead to generated GCP credentials being valid for longer than intended. Fixed in 1.4.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-12T18:31:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. This may lead to generated GCP credentials being valid for longer than intended. Fixed in 1.4.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.hashicorp.com/blog/category/vault/",
"refsource": "CONFIRM",
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020",
"refsource": "MISC",
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12757",
"datePublished": "2020-06-10T18:46:12",
"dateReserved": "2020-05-09T00:00:00",
"dateUpdated": "2024-08-04T12:04:22.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3462
Vulnerability from cvelistv5
Published
2023-07-31 22:40
Modified
2024-10-21 18:04
Severity ?
EPSS score ?
Summary
HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.13.0 ≤ 1.13.4 Version: 1.14.0 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3462",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T18:04:26.770286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T18:04:40.093Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"64 bit",
"32 bit",
"ARM"
],
"product": "Vault",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"lessThanOrEqual": "1.13.4",
"status": "affected",
"version": "1.13.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.14.0"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM",
"64 bit",
"32 bit"
],
"product": "Vault Enterprise",
"vendor": "HashiCorp",
"versions": [
{
"lessThanOrEqual": "1.13.4",
"status": "affected",
"version": "1.13.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.14.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jared Johnstone"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HashiCorp\u0027s Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5."
}
],
"value": "HashiCorp\u0027s Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5."
}
],
"impacts": [
{
"capecId": "CAPEC-575",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-575 Account Footprinting"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-31T22:40:23.432Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Vault\u0027s LDAP Auth Method Allows for User Enumeration"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2023-3462",
"datePublished": "2023-07-31T22:40:23.432Z",
"dateReserved": "2023-06-29T19:00:52.239Z",
"dateUpdated": "2024-10-21T18:04:40.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10661
Vulnerability from cvelistv5
Published
2020-03-23 12:57
Modified
2024-08-04 11:06
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.hashicorp.com/blog/category/vault/ | x_refsource_MISC | |
| https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:10.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-23T12:57:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.hashicorp.com/blog/category/vault/",
"refsource": "MISC",
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020",
"refsource": "CONFIRM",
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10661",
"datePublished": "2020-03-23T12:57:03",
"dateReserved": "2020-03-18T00:00:00",
"dateUpdated": "2024-08-04T11:06:10.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-5077
Vulnerability from cvelistv5
Published
2023-09-28 23:24
Modified
2024-09-26 21:57
Severity ?
EPSS score ?
Summary
The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 0.10.0 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-30-vault-s-google-cloud-secrets-engine-removed-existing-iam-conditions-when-creating-updating-rolesets/58654"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vault",
"vendor": "hashicorp",
"versions": [
{
"lessThan": "1.13.0",
"status": "affected",
"version": "0.10.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vault",
"vendor": "hashicorp",
"versions": [
{
"lessThan": "1.13.0",
"status": "affected",
"version": "00.10.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5077",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T18:01:43.234358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T18:04:49.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Vault",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "1.13.0",
"status": "affected",
"version": "0.10.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Vault Enterprise",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "1.13.0",
"status": "affected",
"version": "0.10.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe Vault and Vault Enterprise (\"Vault\") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.\u003c/p\u003e\u003cbr/\u003e"
}
],
"value": "The Vault and Vault Enterprise (\"Vault\") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122: Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266: Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T21:57:22.469Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-30-vault-s-google-cloud-secrets-engine-removed-existing-iam-conditions-when-creating-updating-rolesets/58654"
}
],
"source": {
"advisory": "HCSEC-2023-30",
"discovery": "EXTERNAL"
},
"title": "Vault\u0027s Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2023-5077",
"datePublished": "2023-09-28T23:24:28.643Z",
"dateReserved": "2023-09-19T20:49:08.136Z",
"dateUpdated": "2024-09-26T21:57:22.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3282
Vulnerability from cvelistv5
Published
2021-02-01 15:38
Modified
2024-08-03 16:53
Severity ?
EPSS score ?
Summary
HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://discuss.hashicorp.com/t/hcsec-2021-04-vault-enterprise-s-dr-secondaries-allowed-raft-peer-removal-without-authentication/20337 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:16.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-04-vault-enterprise-s-dr-secondaries-allowed-raft-peer-removal-without-authentication/20337"
},
{
"name": "GLSA-202207-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault Enterprise 1.6.0 \u0026 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T20:08:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-04-vault-enterprise-s-dr-secondaries-allowed-raft-peer-removal-without-authentication/20337"
},
{
"name": "GLSA-202207-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-3282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HashiCorp Vault Enterprise 1.6.0 \u0026 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.hashicorp.com/t/hcsec-2021-04-vault-enterprise-s-dr-secondaries-allowed-raft-peer-removal-without-authentication/20337",
"refsource": "MISC",
"url": "https://discuss.hashicorp.com/t/hcsec-2021-04-vault-enterprise-s-dr-secondaries-allowed-raft-peer-removal-without-authentication/20337"
},
{
"name": "GLSA-202207-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202207-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-3282",
"datePublished": "2021-02-01T15:38:48",
"dateReserved": "2021-01-22T00:00:00",
"dateUpdated": "2024-08-03T16:53:16.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-5798
Vulnerability from cvelistv5
Published
2024-06-12 18:55
Modified
2024-08-01 21:25
Severity ?
EPSS score ?
Summary
Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have been rejected.
This vulnerability, CVE-2024-5798, was fixed in Vault and Vault Enterprise 1.17.0, 1.16.3, and 1.15.9
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 0.11.0 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5798",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T19:32:41.996739Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T19:32:53.402Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:02.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2024-11-vault-incorrectly-validated-json-web-tokens-jwt-audience-claims/67770"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Vault",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"changes": [
{
"at": "1.15.9",
"status": "unaffected"
},
{
"at": "1.14.13",
"status": "unaffected"
}
],
"lessThan": "1.16.2",
"status": "affected",
"version": "0.11.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Vault Enterprise",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"changes": [
{
"at": "1.15.9",
"status": "unaffected"
},
{
"at": "1.14.13",
"status": "unaffected"
}
],
"lessThan": "1.16.2",
"status": "affected",
"version": "0.11.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eVault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have been rejected.\n\nThis vulnerability, CVE-2024-5798, was fixed in Vault and Vault Enterprise 1.17.0, 1.16.3, and 1.15.9\u003c/p\u003e\u003cbr/\u003e"
}
],
"value": "Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have been rejected.\n\nThis vulnerability, CVE-2024-5798, was fixed in Vault and Vault Enterprise 1.17.0, 1.16.3, and 1.15.9"
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T18:55:24.788Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2024-11-vault-incorrectly-validated-json-web-tokens-jwt-audience-claims/67770"
}
],
"source": {
"advisory": "HCSEC-2024-HCSEC-2024-11",
"discovery": "EXTERNAL"
},
"title": "Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2024-5798",
"datePublished": "2024-06-12T18:55:24.788Z",
"dateReserved": "2024-06-10T15:46:30.387Z",
"dateUpdated": "2024-08-01T21:25:02.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-19786
Vulnerability from cvelistv5
Published
2018-12-05 09:00
Modified
2024-08-05 11:44
Severity ?
EPSS score ?
Summary
HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:44:20.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-05T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018",
"refsource": "CONFIRM",
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19786",
"datePublished": "2018-12-05T09:00:00",
"dateReserved": "2018-11-30T00:00:00",
"dateUpdated": "2024-08-05T11:44:20.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-0620
Vulnerability from cvelistv5
Published
2023-03-30 00:28
Modified
2025-02-13 16:39
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command.
This issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.13.0 ≤ Version: 1.12.0 ≤ Version: 0.8.0 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:50.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-12-vault-s-microsoft-sql-database-storage-backend-vulnerable-to-sql-injection-via-configuration-file/52080/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230526-0008/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0620",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T14:59:29.534068Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T14:59:38.091Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM",
"64 bit",
"32 bit"
],
"product": "Vault",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "1.13.1",
"status": "affected",
"version": "1.13.0",
"versionType": "semver"
},
{
"lessThan": "1.12.5",
"status": "affected",
"version": "1.12.0",
"versionType": "semver"
},
{
"lessThan": "1.11.9",
"status": "affected",
"version": "0.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Android",
"x86",
"ARM",
"64 bit",
"32 bit"
],
"product": "Vault Enterprise",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "1.13.1",
"status": "affected",
"version": "1.13.0",
"versionType": "semver"
},
{
"lessThan": "1.12.5",
"status": "affected",
"version": "1.12.0",
"versionType": "semver"
},
{
"lessThan": "1.11.9",
"status": "affected",
"version": "0.8.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Yuval Ostrovsky, Gal Goldshtein, Daniel Abeles of Oxeye"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command.\u003c/p\u003eThis issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9."
}
],
"value": "HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command.\n\nThis issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-26T19:06:25.161Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-12-vault-s-microsoft-sql-database-storage-backend-vulnerable-to-sql-injection-via-configuration-file/52080/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230526-0008/"
}
],
"source": {
"advisory": "HCSEC-2023-12",
"discovery": "EXTERNAL"
},
"title": "Vault Vulnerable to SQL Injection When Configuring the Microsoft SQL Database Storage Backend"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2023-0620",
"datePublished": "2023-03-30T00:28:13.301Z",
"dateReserved": "2023-02-01T21:59:23.556Z",
"dateUpdated": "2025-02-13T16:39:02.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-2660
Vulnerability from cvelistv5
Published
2024-04-04 17:55
Modified
2024-09-26 00:13
Severity ?
EPSS score ?
Summary
Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.14.0 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T16:05:40.204182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:29:09.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:18:48.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2024-07-vault-tls-cert-auth-method-did-not-correctly-validate-ocsp-responses/64573"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240524-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Vault",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "1.16.0",
"status": "affected",
"version": "1.14.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Vault Enterprise",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"changes": [
{
"at": "1.14.11",
"status": "unaffected"
},
{
"at": "1.15.7",
"status": "unaffected"
}
],
"lessThan": "1.16.0",
"status": "affected",
"version": "1.14.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eVault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.\u003c/p\u003e\u003cbr/\u003e"
}
],
"value": "Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11."
}
],
"impacts": [
{
"capecId": "CAPEC-26",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-26: Leveraging Race Conditions"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-636",
"description": "CWE-636: Not Failing Securely (Failing Open)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T00:13:17.242Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2024-07-vault-tls-cert-auth-method-did-not-correctly-validate-ocsp-responses/64573"
}
],
"source": {
"advisory": "HCSEC-2024-07",
"discovery": "INTERNAL"
},
"title": "Vault TLS Cert Auth Method Did Not Correctly Validate OCSP Responses"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2024-2660",
"datePublished": "2024-04-04T17:55:20.192Z",
"dateReserved": "2024-03-19T17:34:27.401Z",
"dateUpdated": "2024-09-26T00:13:17.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35177
Vulnerability from cvelistv5
Published
2020-12-17 04:17
Modified
2024-08-04 17:02
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161 | x_refsource_CONFIRM | |
| https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:06.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T17:58:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161",
"refsource": "CONFIRM",
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161"
},
{
"name": "https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984",
"refsource": "CONFIRM",
"url": "https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35177",
"datePublished": "2020-12-17T04:17:27",
"dateReserved": "2020-12-11T00:00:00",
"dateUpdated": "2024-08-04T17:02:06.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27400
Vulnerability from cvelistv5
Published
2021-04-22 16:48
Modified
2024-08-03 20:48
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:16.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-10-vault-s-cassandra-integrations-did-not-validate-tls-certificates/23463"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T16:48:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-10-vault-s-cassandra-integrations-did-not-validate-tls-certificates/23463"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.hashicorp.com/t/hcsec-2021-10-vault-s-cassandra-integrations-did-not-validate-tls-certificates/23463",
"refsource": "CONFIRM",
"url": "https://discuss.hashicorp.com/t/hcsec-2021-10-vault-s-cassandra-integrations-did-not-validate-tls-certificates/23463"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27400",
"datePublished": "2021-04-22T16:48:07",
"dateReserved": "2021-02-19T00:00:00",
"dateUpdated": "2024-08-03T20:48:16.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-8365
Vulnerability from cvelistv5
Published
2024-09-02 01:30
Modified
2024-09-04 17:18
Severity ?
EPSS score ?
Summary
Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.17.3 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8365",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T13:51:10.738646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T13:51:51.953Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Vault",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "1.17.5",
"status": "affected",
"version": "1.17.3",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Vault Enterprise",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"changes": [
{
"at": "1.16.9",
"status": "unaffected"
},
{
"at": "1.17.3",
"status": "unaffected"
}
],
"lessThan": "1.17.5",
"status": "affected",
"version": "1.16.7",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eVault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC\u2019d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9.\u003c/p\u003e\u003cbr/\u003e"
}
],
"value": "Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC\u2019d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9."
}
],
"impacts": [
{
"capecId": "CAPEC-118",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-118: Collect and Analyze Information"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T17:18:36.980Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2024-18-vault-leaks-client-token-and-token-accessor-in-audit-devices/"
}
],
"source": {
"advisory": "HCSEC-2024-HCSEC-2024-18",
"discovery": "INTERNAL"
},
"title": "Vault Leaks AppRole Client Tokens And Accessor in Audit Log"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2024-8365",
"datePublished": "2024-09-02T01:30:56.618Z",
"dateReserved": "2024-08-30T22:54:58.745Z",
"dateUpdated": "2024-09-04T17:18:36.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27668
Vulnerability from cvelistv5
Published
2021-08-31 17:01
Modified
2024-08-03 21:26
Severity ?
EPSS score ?
Summary
HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://discuss.hashicorp.com/t/hcsec-2021-05-vault-enterprise-s-dr-secondaries-exposed-license-metadata-without-authentication/21427 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:10.800Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-05-vault-enterprise-s-dr-secondaries-exposed-license-metadata-without-authentication/21427"
},
{
"name": "GLSA-202207-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T20:06:49",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-05-vault-enterprise-s-dr-secondaries-exposed-license-metadata-without-authentication/21427"
},
{
"name": "GLSA-202207-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.hashicorp.com/t/hcsec-2021-05-vault-enterprise-s-dr-secondaries-exposed-license-metadata-without-authentication/21427",
"refsource": "MISC",
"url": "https://discuss.hashicorp.com/t/hcsec-2021-05-vault-enterprise-s-dr-secondaries-exposed-license-metadata-without-authentication/21427"
},
{
"name": "GLSA-202207-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202207-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27668",
"datePublished": "2021-08-31T17:01:43",
"dateReserved": "2021-02-24T00:00:00",
"dateUpdated": "2024-08-03T21:26:10.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-7594
Vulnerability from cvelistv5
Published
2024-09-26 19:52
Modified
2025-01-10 13:06
Severity ?
EPSS score ?
Summary
Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.7.7 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hashicorp:vault_enterprise:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vault_enterprise",
"vendor": "hashicorp",
"versions": [
{
"lessThan": "1.17.6",
"status": "affected",
"version": "1.7.7",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.16.9"
},
{
"status": "affected",
"version": "1.15.14"
}
]
},
{
"cpes": [
"cpe:2.3:a:hashicorp:vault_community_edition:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vault_community_edition",
"vendor": "hashicorp",
"versions": [
{
"lessThan": "1.17.6",
"status": "affected",
"version": "1.7.7",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T20:24:40.797176Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T20:29:58.984Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-01-10T13:06:49.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250110-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Vault",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "1.17.6",
"status": "affected",
"version": "1.7.7",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Vault Enterprise",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"changes": [
{
"at": "1.16.10",
"status": "unaffected"
},
{
"at": "1.15.15",
"status": "unaffected"
}
],
"lessThan": "1.17.6",
"status": "affected",
"version": "1.7.7",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eVault\u2019s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault\u2019s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.\u003c/p\u003e\u003cbr/\u003e"
}
],
"value": "Vault\u2019s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault\u2019s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:56:15.934Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2024-20-vault-ssh-secrets-engine-configuration-did-not-restrict-valid-principals-by-default/70251"
}
],
"source": {
"advisory": "HCSEC-2024-20",
"discovery": "EXTERNAL"
},
"title": "Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2024-7594",
"datePublished": "2024-09-26T19:52:55.652Z",
"dateReserved": "2024-08-07T17:46:31.343Z",
"dateUpdated": "2025-01-10T13:06:49.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9180
Vulnerability from cvelistv5
Published
2024-10-10 20:54
Modified
2024-11-08 22:27
Severity ?
EPSS score ?
Summary
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 0.10.4 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vault",
"vendor": "hashicorp",
"versions": [
{
"lessThan": "1.18.0",
"status": "affected",
"version": "0.10.4",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vault",
"vendor": "hashicorp",
"versions": [
{
"lessThan": "1.18.0",
"status": "affected",
"version": "0.10.4",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "1.17.7"
},
{
"status": "unaffected",
"version": "1.16.11"
},
{
"status": "unaffected",
"version": "1.15.16"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9180",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T15:34:50.417514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T22:27:31.042Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Vault",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "1.18.0",
"status": "affected",
"version": "0.10.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Vault Enterprise",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"changes": [
{
"at": "1.17.7",
"status": "unaffected"
},
{
"at": "1.16.10",
"status": "unaffected"
},
{
"at": "1.15.16",
"status": "unaffected"
}
],
"lessThan": "1.18.0",
"status": "affected",
"version": "0.10.4",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA privileged Vault operator with write permissions to the root namespace\u2019s identity endpoint could escalate their own or another user\u2019s privileges to Vault\u2019s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.\u003c/p\u003e\u003cbr/\u003e"
}
],
"value": "A privileged Vault operator with write permissions to the root namespace\u2019s identity endpoint could escalate their own or another user\u2019s privileges to Vault\u2019s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233: Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266: Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T19:48:21.134Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2024-21-vault-operators-in-root-namespace-may-elevate-their-privileges/70565"
}
],
"source": {
"advisory": "HCSEC-2024-21",
"discovery": "INTERNAL"
},
"title": "Vault Operators in Root Namespace May Elevate Their Privileges"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2024-9180",
"datePublished": "2024-10-10T20:54:57.084Z",
"dateReserved": "2024-09-25T18:00:56.306Z",
"dateUpdated": "2024-11-08T22:27:31.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-2048
Vulnerability from cvelistv5
Published
2024-03-04 19:56
Modified
2025-02-13 17:32
Severity ?
EPSS score ?
Summary
Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.15.5 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:03:37.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240524-0009/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hashicorp:vault:1.15.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vault",
"vendor": "hashicorp",
"versions": [
{
"lessThan": "1.16.0",
"status": "affected",
"version": "1.15.5",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:hashicorp:vault_enterprise:1.15.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vault_enterprise",
"vendor": "hashicorp",
"versions": [
{
"lessThan": "1.16.0",
"status": "affected",
"version": "1.15.5",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2048",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T15:35:21.923628Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T15:18:54.316Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Vault",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"changes": [
{
"at": "1.14.10",
"status": "unaffected"
}
],
"lessThan": "1.16.0",
"status": "affected",
"version": "1.15.5",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Vault Enterprise",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"changes": [
{
"at": "1.14.10",
"status": "unaffected"
}
],
"lessThan": "1.16.0",
"status": "affected",
"version": "1.15.5",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eVault and Vault Enterprise (\u201cVault\u201d) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10.\u003c/p\u003e\u003cbr/\u003e"
}
],
"value": "Vault and Vault Enterprise (\u201cVault\u201d) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115: Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:10:19.447Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240524-0009/"
}
],
"source": {
"advisory": "HCSEC-2024-05",
"discovery": "EXTERNAL"
},
"title": "Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2024-2048",
"datePublished": "2024-03-04T19:56:47.253Z",
"dateReserved": "2024-03-01T00:03:34.034Z",
"dateUpdated": "2025-02-13T17:32:32.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-13223
Vulnerability from cvelistv5
Published
2020-06-10 18:45
Modified
2024-08-04 12:11
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.hashicorp.com/blog/category/vault/ | x_refsource_MISC | |
| https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:19.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-12T18:51:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.hashicorp.com/blog/category/vault/",
"refsource": "MISC",
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020",
"refsource": "MISC",
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13223",
"datePublished": "2020-06-10T18:45:28",
"dateReserved": "2020-05-20T00:00:00",
"dateUpdated": "2024-08-04T12:11:19.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-5954
Vulnerability from cvelistv5
Published
2023-11-09 20:13
Modified
2025-02-13 17:25
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.15.0 Version: 1.15.1 Version: 1.14.3 Version: 1.14.4 Version: 1.14.5 Version: 1.13.7 Version: 1.13.8 Version: 1.13.9 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:25.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-33-vault-requests-triggering-policy-checks-may-lead-to-unbounded-memory-consumption/59926"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231227-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM",
"64 bit",
"32 bit"
],
"product": "Vault",
"vendor": "HashiCorp",
"versions": [
{
"status": "affected",
"version": "1.15.0"
},
{
"status": "affected",
"version": "1.15.1"
},
{
"status": "affected",
"version": "1.14.3"
},
{
"status": "affected",
"version": "1.14.4"
},
{
"status": "affected",
"version": "1.14.5"
},
{
"status": "affected",
"version": "1.13.7"
},
{
"status": "affected",
"version": "1.13.8"
},
{
"status": "affected",
"version": "1.13.9"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM",
"64 bit",
"32 bit"
],
"product": "Vault Enterprise",
"vendor": "HashiCorp",
"versions": [
{
"status": "affected",
"version": "1.15.0"
},
{
"status": "affected",
"version": "1.15.1"
},
{
"status": "affected",
"version": "1.14.3"
},
{
"status": "affected",
"version": "1.14.4"
},
{
"status": "affected",
"version": "1.14.5"
},
{
"status": "affected",
"version": "1.13.7"
},
{
"status": "affected",
"version": "1.13.8"
},
{
"status": "affected",
"version": "1.13.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10."
}
],
"value": "HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401: Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-27T15:06:30.558Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-33-vault-requests-triggering-policy-checks-may-lead-to-unbounded-memory-consumption/59926"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231227-0001/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2023-5954",
"datePublished": "2023-11-09T20:13:49.346Z",
"dateReserved": "2023-11-03T16:18:00.469Z",
"dateUpdated": "2025-02-13T17:25:58.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3775
Vulnerability from cvelistv5
Published
2023-09-28 23:17
Modified
2024-09-26 21:50
Severity ?
EPSS score ?
Summary
A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HashiCorp | Vault Enterprise |
Version: 1.14.0 ≤ Version: 1.13.0 ≤ Version: 0.11.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-29-vault-enterprise-s-sentinel-rgp-policies-allowed-for-cross-namespace-denial-of-service/58653"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3775",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T18:05:23.828194Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T18:05:32.075Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Vault Enterprise",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "1.14.4",
"status": "affected",
"version": "1.14.0",
"versionType": "semver"
},
{
"lessThan": "1.13.8",
"status": "affected",
"version": "1.13.0",
"versionType": "semver"
},
{
"lessThan": "1.13.0",
"status": "affected",
"version": "0.11.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8.\u003c/p\u003e\u003cbr/\u003e"
}
],
"value": "A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469: HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266: Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T21:50:59.474Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-29-vault-enterprise-s-sentinel-rgp-policies-allowed-for-cross-namespace-denial-of-service/58653"
}
],
"source": {
"advisory": "HCSEC-2023-29",
"discovery": "EXTERNAL"
},
"title": "Vault Enterprise\u0027s Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2023-3775",
"datePublished": "2023-09-28T23:17:24.349Z",
"dateReserved": "2023-07-19T14:34:43.733Z",
"dateUpdated": "2024-09-26T21:50:59.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-25244
Vulnerability from cvelistv5
Published
2022-03-07 21:41
Modified
2024-08-03 04:36
Severity ?
EPSS score ?
Summary
Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.hashicorp.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2022-08-vault-enterprise-s-tokenization-transform-configuration-endpoint-may-expose-transform-key/36599"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T21:41:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.hashicorp.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2022-08-vault-enterprise-s-tokenization-transform-configuration-endpoint-may-expose-transform-key/36599"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.hashicorp.com",
"refsource": "MISC",
"url": "https://discuss.hashicorp.com"
},
{
"name": "https://discuss.hashicorp.com/t/hcsec-2022-08-vault-enterprise-s-tokenization-transform-configuration-endpoint-may-expose-transform-key/36599",
"refsource": "MISC",
"url": "https://discuss.hashicorp.com/t/hcsec-2022-08-vault-enterprise-s-tokenization-transform-configuration-endpoint-may-expose-transform-key/36599"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25244",
"datePublished": "2022-03-07T21:41:52",
"dateReserved": "2022-02-16T00:00:00",
"dateUpdated": "2024-08-03T04:36:06.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-41802
Vulnerability from cvelistv5
Published
2021-10-08 17:00
Modified
2024-08-04 03:22
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.
References
| ▼ | URL | Tags |
|---|---|---|
| https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation/ | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:24.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation/"
},
{
"name": "GLSA-202207-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user\u2019s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:N/PR:H/S:C/UI:R",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T20:06:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation/"
},
{
"name": "GLSA-202207-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user\u2019s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:N/PR:H/S:C/UI:R",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation/",
"refsource": "MISC",
"url": "https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation/"
},
{
"name": "GLSA-202207-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202207-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41802",
"datePublished": "2021-10-08T17:00:01",
"dateReserved": "2021-09-29T00:00:00",
"dateUpdated": "2024-08-04T03:22:24.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40186
Vulnerability from cvelistv5
Published
2022-09-22 00:00
Modified
2024-08-03 12:14
Severity ?
EPSS score ?
Summary
An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:14:39.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2022-18-vault-entity-alias-metadata-may-leak-between-aliases-with-the-same-name-assigned-to-the-same-entity/44550"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221111-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://discuss.hashicorp.com"
},
{
"url": "https://discuss.hashicorp.com/t/hcsec-2022-18-vault-entity-alias-metadata-may-leak-between-aliases-with-the-same-name-assigned-to-the-same-entity/44550"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221111-0008/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-40186",
"datePublished": "2022-09-22T00:00:00",
"dateReserved": "2022-09-08T00:00:00",
"dateUpdated": "2024-08-03T12:14:39.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-24999
Vulnerability from cvelistv5
Published
2023-03-10 23:12
Modified
2025-02-13 16:44
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.12.0 ≤ Version: 1.11.0 ≤ Version: 0 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:11:43.737Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230505-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM",
"64 bit",
"32 bit"
],
"product": "Vault",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "1.12.4",
"status": "affected",
"version": "1.12.0",
"versionType": "semver"
},
{
"lessThan": "1.11.8",
"status": "affected",
"version": "1.11.0",
"versionType": "semver"
},
{
"lessThan": "1.10.11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM",
"64 bit",
"32 bit"
],
"product": "Vault Enterprise",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "1.12.4",
"status": "affected",
"version": "1.12.0",
"versionType": "semver"
},
{
"lessThan": "1.11.8",
"status": "affected",
"version": "1.11.0",
"versionType": "semver"
},
{
"lessThan": "1.10.11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHashiCorp Vault and Vault Enterprise\u2019s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "HashiCorp Vault and Vault Enterprise\u2019s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-05T19:06:12.956Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230505-0001/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Vault Fails to Verify if the AppRole SecretID Belongs to Role During a Destroy Operation"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2023-24999",
"datePublished": "2023-03-10T23:12:47.638Z",
"dateReserved": "2023-02-01T17:54:13.893Z",
"dateUpdated": "2025-02-13T16:44:28.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-38553
Vulnerability from cvelistv5
Published
2021-08-13 15:48
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:23.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168"
},
{
"name": "GLSA-202207-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T20:07:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168"
},
{
"name": "GLSA-202207-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168",
"refsource": "MISC",
"url": "https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168"
},
{
"name": "GLSA-202207-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202207-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38553",
"datePublished": "2021-08-13T15:48:47",
"dateReserved": "2021-08-11T00:00:00",
"dateUpdated": "2024-08-04T01:44:23.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-25816
Vulnerability from cvelistv5
Published
2020-09-30 19:44
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Fixed in 1.4.7 and 1.5.4.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.hashicorp.com/blog/category/vault | x_refsource_MISC | |
| https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.hashicorp.com/blog/category/vault"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Fixed in 1.4.7 and 1.5.4."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-12T18:26:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.hashicorp.com/blog/category/vault"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Fixed in 1.4.7 and 1.5.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.hashicorp.com/blog/category/vault",
"refsource": "MISC",
"url": "https://www.hashicorp.com/blog/category/vault"
},
{
"name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154",
"refsource": "CONFIRM",
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25816",
"datePublished": "2020-09-30T19:44:01",
"dateReserved": "2020-09-23T00:00:00",
"dateUpdated": "2024-08-04T15:40:36.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-25594
Vulnerability from cvelistv5
Published
2021-02-01 15:41
Modified
2024-08-04 15:33
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.
References
| ▼ | URL | Tags |
|---|---|---|
| https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:33:05.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336"
},
{
"name": "GLSA-202207-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 \u0026 1.5.7."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T20:07:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336"
},
{
"name": "GLSA-202207-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 \u0026 1.5.7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336",
"refsource": "MISC",
"url": "https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336"
},
{
"name": "GLSA-202207-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202207-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25594",
"datePublished": "2021-02-01T15:41:36",
"dateReserved": "2020-09-15T00:00:00",
"dateUpdated": "2024-08-04T15:33:05.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-8185
Vulnerability from cvelistv5
Published
2024-10-31 15:14
Modified
2024-10-31 17:11
Severity ?
EPSS score ?
Summary
Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the endpoint which may cause Vault to consume excessive system memory resources, potentially leading to a crash of the underlying system and the Vault process itself.
This vulnerability, CVE-2024-8185, is fixed in Vault Community 1.18.1 and Vault Enterprise 1.18.1, 1.17.8, and 1.16.12.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.2.0 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vault",
"vendor": "hashicorp",
"versions": [
{
"lessThan": "1.18.1",
"status": "affected",
"version": "1.2.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.17.8"
},
{
"status": "unaffected",
"version": "1.16.12"
}
]
},
{
"cpes": [
"cpe:2.3:a:hashicorp:vault:*:*:*:*:community:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vault",
"vendor": "hashicorp",
"versions": [
{
"lessThan": "1.18.1",
"status": "affected",
"version": "1.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8185",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-31T16:54:01.728268Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T17:11:35.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Vault",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "1.18.1",
"status": "affected",
"version": "1.2.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Vault Enterprise",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"changes": [
{
"at": "1.17.8",
"status": "unaffected"
},
{
"at": "1.16.12",
"status": "unaffected"
}
],
"lessThan": "1.18.1",
"status": "affected",
"version": "1.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eVault Community and Vault Enterprise (\u201cVault\u201d) clusters using Vault\u2019s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the endpoint which may cause Vault to consume excessive system memory resources, potentially leading to a crash of the underlying system and the Vault process itself.\n\nThis vulnerability, CVE-2024-8185, is fixed in Vault Community 1.18.1 and Vault Enterprise 1.18.1, 1.17.8, and 1.16.12.\u003c/p\u003e\u003cbr/\u003e"
}
],
"value": "Vault Community and Vault Enterprise (\u201cVault\u201d) clusters using Vault\u2019s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the endpoint which may cause Vault to consume excessive system memory resources, potentially leading to a crash of the underlying system and the Vault process itself.\n\nThis vulnerability, CVE-2024-8185, is fixed in Vault Community 1.18.1 and Vault Enterprise 1.18.1, 1.17.8, and 1.16.12."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469: HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-636",
"description": "CWE-636: Not Failing Securely (Failing Open)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T15:14:55.145Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2024-26-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-processing-raft-cluster-join-requests/71047"
}
],
"source": {
"advisory": "HCSEC-2024-26",
"discovery": "INTERNAL"
},
"title": "Vault Vulnerable to Denial of Service When Processing Raft Join Requests"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2024-8185",
"datePublished": "2024-10-31T15:14:55.145Z",
"dateReserved": "2024-08-26T16:24:04.547Z",
"dateUpdated": "2024-10-31T17:11:35.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-32923
Vulnerability from cvelistv5
Published
2021-06-03 10:38
Modified
2024-08-03 23:33
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.hashicorp.com/blog/category/vault/ | x_refsource_MISC | |
| https://discuss.hashicorp.com/t/hcsec-2021-15-vault-renewed-nearly-expired-leases-with-incorrect-non-expiring-ttls/24603 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:56.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-15-vault-renewed-nearly-expired-leases-with-incorrect-non-expiring-ttls/24603"
},
{
"name": "GLSA-202207-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T20:08:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-15-vault-renewed-nearly-expired-leases-with-incorrect-non-expiring-ttls/24603"
},
{
"name": "GLSA-202207-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.hashicorp.com/blog/category/vault/",
"refsource": "MISC",
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"name": "https://discuss.hashicorp.com/t/hcsec-2021-15-vault-renewed-nearly-expired-leases-with-incorrect-non-expiring-ttls/24603",
"refsource": "MISC",
"url": "https://discuss.hashicorp.com/t/hcsec-2021-15-vault-renewed-nearly-expired-leases-with-incorrect-non-expiring-ttls/24603"
},
{
"name": "GLSA-202207-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202207-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32923",
"datePublished": "2021-06-03T10:38:26",
"dateReserved": "2021-05-13T00:00:00",
"dateUpdated": "2024-08-03T23:33:56.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-6468
Vulnerability from cvelistv5
Published
2024-07-11 20:40
Modified
2024-08-01 21:41
Severity ?
EPSS score ?
Summary
Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in proxy_protocol_authorized_addrs, the Vault API server would shut down and no longer respond to any HTTP requests, potentially resulting in denial of service.
While this bug also affected versions of Vault up to 1.17.1 and 1.16.5, a separate regression in those release series did not allow Vault operators to configure the deny_unauthorized option, thus not allowing the conditions for the denial of service to occur.
Fixed in Vault and Vault Enterprise 1.17.2, 1.16.6, and 1.15.12.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.10.0 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vault",
"vendor": "hashicorp",
"versions": [
{
"lessThan": "1.15.11",
"status": "affected",
"version": "1.10.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:hashicorp:vault_enterprise:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vault_enterprise",
"vendor": "hashicorp",
"versions": [
{
"lessThan": "1.15.11",
"status": "affected",
"version": "1.10.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T14:14:37.815771Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T14:16:55.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:03.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2024-14-vault-vulnerable-to-denial-of-service-when-setting-a-proxy-protocol-behavior/68518"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Vault",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "1.15.11",
"status": "affected",
"version": "1.10.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Vault Enterprise",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "1.15.11",
"status": "affected",
"version": "1.10.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eVault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in proxy_protocol_authorized_addrs, the Vault API server would shut down and no longer respond to any HTTP requests, potentially resulting in denial of service.\n\nWhile this bug also affected versions of Vault up to 1.17.1 and 1.16.5, a separate regression in those release series did not allow Vault operators to configure the deny_unauthorized option, thus not allowing the conditions for the denial of service to occur.\n\nFixed in Vault and Vault Enterprise 1.17.2, 1.16.6, and 1.15.12.\u003c/p\u003e\u003cbr/\u003e"
}
],
"value": "Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in proxy_protocol_authorized_addrs, the Vault API server would shut down and no longer respond to any HTTP requests, potentially resulting in denial of service.\n\nWhile this bug also affected versions of Vault up to 1.17.1 and 1.16.5, a separate regression in those release series did not allow Vault operators to configure the deny_unauthorized option, thus not allowing the conditions for the denial of service to occur.\n\nFixed in Vault and Vault Enterprise 1.17.2, 1.16.6, and 1.15.12."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469: HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T20:40:12.298Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2024-14-vault-vulnerable-to-denial-of-service-when-setting-a-proxy-protocol-behavior/68518"
}
],
"source": {
"advisory": "HCSEC-2024-HCSEC-2024-14",
"discovery": "INTERNAL"
},
"title": "Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2024-6468",
"datePublished": "2024-07-11T20:40:12.298Z",
"dateReserved": "2024-07-03T03:55:06.235Z",
"dateUpdated": "2024-08-01T21:41:03.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-0831
Vulnerability from cvelistv5
Published
2024-02-01 01:41
Modified
2025-02-13 17:27
Severity ?
EPSS score ?
Summary
Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.15.0 ≤ 1.15.4 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0831",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-01T14:27:53.989443Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:51.524Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2024-01-vault-may-expose-sensitive-information-when-configuring-an-audit-log-device/62311"
},
{
"tags": [
"x_transferred"
],
"url": "https://developer.hashicorp.com/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240223-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM",
"64 bit",
"32 bit"
],
"product": "Vault",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"lessThanOrEqual": "1.15.4",
"status": "affected",
"version": "1.15.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM",
"64 bit",
"32 bit"
],
"product": "Vault Enterprise",
"vendor": "HashiCorp",
"versions": [
{
"lessThanOrEqual": "1.15.4",
"status": "affected",
"version": "1.15.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVault and Vault Enterprise (\u201cVault\u201d) \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003emay expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`.\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Vault and Vault Enterprise (\u201cVault\u201d) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`."
}
],
"impacts": [
{
"capecId": "CAPEC-268",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-268 Audit Log Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-23T16:06:01.441Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2024-01-vault-may-expose-sensitive-information-when-configuring-an-audit-log-device/62311"
},
{
"url": "https://developer.hashicorp.com/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240223-0005/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Vault May Expose Sensitive Information When Configuring An Audit Log Device"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2024-0831",
"datePublished": "2024-02-01T01:41:33.801Z",
"dateReserved": "2024-01-23T17:42:40.228Z",
"dateUpdated": "2025-02-13T17:27:29.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-30689
Vulnerability from cvelistv5
Published
2022-05-17 17:23
Modified
2024-08-03 06:56
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://discuss.hashicorp.com | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220629-0006/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.hashicorp.com"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220629-0006/"
},
{
"name": "GLSA-202207-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T20:07:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.hashicorp.com"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220629-0006/"
},
{
"name": "GLSA-202207-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-30689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.hashicorp.com",
"refsource": "MISC",
"url": "https://discuss.hashicorp.com"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220629-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220629-0006/"
},
{
"name": "GLSA-202207-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202207-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-30689",
"datePublished": "2022-05-17T17:23:05",
"dateReserved": "2022-05-13T00:00:00",
"dateUpdated": "2024-08-03T06:56:13.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-38554
Vulnerability from cvelistv5
Published
2021-08-13 15:45
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.
References
| ▼ | URL | Tags |
|---|---|---|
| https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:23.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166"
},
{
"name": "GLSA-202207-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise\u2019s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-01T20:09:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166"
},
{
"name": "GLSA-202207-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HashiCorp Vault and Vault Enterprise\u2019s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166",
"refsource": "MISC",
"url": "https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166"
},
{
"name": "GLSA-202207-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202207-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38554",
"datePublished": "2021-08-13T15:45:50",
"dateReserved": "2021-08-11T00:00:00",
"dateUpdated": "2024-08-04T01:44:23.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-02-01 16:15
Modified
2024-11-21 06:20
Severity ?
Summary
HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "32DD844D-4C10-450D-9017-D5870DF07738",
"versionEndExcluding": "1.5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "11FF3556-E92E-423B-86E5-175BD43F9192",
"versionEndExcluding": "1.5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "6FA59962-1063-4AA3-8B24-C8C6FD2C7341",
"versionEndExcluding": "1.6.2",
"versionStartIncluding": "1.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "4F85653B-E5DE-4654-A520-1573CD4F46DF",
"versionEndExcluding": "1.6.2",
"versionStartIncluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 \u0026 1.5.7."
},
{
"lang": "es",
"value": "HashiCorp Vault y Vault Enterprise revelaron la direcci\u00f3n IP interna del nodo de Vault al responder a algunas peticiones HTTP no v\u00e1lidas y no autenticadas.\u0026#xa0;Corregido en las versiones 1.6.2 y 1.5.7"
}
],
"id": "CVE-2021-3024",
"lastModified": "2024-11-21T06:20:46.583",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-01T16:15:13.217",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-02-vault-api-endpoint-exposed-internal-ip-address-without-authentication/20334"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202207-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-02-vault-api-endpoint-exposed-internal-ip-address-without-authentication/20334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-05 09:29
Modified
2024-11-21 03:58
Severity ?
Summary
HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018 | Release Notes, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83DCD820-25B5-4395-9742-E198FD32A763",
"versionEndExcluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported."
},
{
"lang": "es",
"value": "HashiCorp Vault en versiones anteriores a la 1.0.0 escribe la clave maestra en el registro del servidor en ciertos escenarios inusuales o mal configurados, en los cuales los datos incorrectos provienen del mecanismo de autosellado sin que se reporte un error."
}
],
"id": "CVE-2018-19786",
"lastModified": "2024-11-21T03:58:33.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-05T09:29:00.257",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-02 05:15
Modified
2024-09-04 14:37
Severity ?
6.2 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "42D075A3-0E7A-4EC6-96AF-55CD4B5E0722",
"versionEndExcluding": "1.16.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "7249EEB1-D26D-4924-A69A-17C63F7B0693",
"versionEndExcluding": "1.17.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "61BDF0C9-6DA7-496D-8181-6EDF20271239",
"versionEndExcluding": "1.17.5",
"versionStartIncluding": "1.17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC\u2019d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9."
},
{
"lang": "es",
"value": "Vault Community Edition y Vault Enterprise experimentaron una regresi\u00f3n en la que se elimin\u00f3 la funcionalidad que codificaba mediante HMAC los encabezados confidenciales en el dispositivo de auditor\u00eda configurado, espec\u00edficamente los tokens de cliente y los descriptores de acceso de token. Esto provoc\u00f3 que los valores de texto sin formato de los tokens de cliente y los descriptores de acceso de token se almacenaran en el registro de auditor\u00eda. Esta vulnerabilidad, CVE-2024-8365, se solucion\u00f3 en Vault Community Edition y Vault Enterprise 1.17.5 y Vault Enterprise 1.16.9."
}
],
"id": "CVE-2024-8365",
"lastModified": "2024-09-04T14:37:03.543",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 4.0,
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-02T05:15:17.823",
"references": [
{
"source": "security@hashicorp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2024-18-vault-leaks-client-token-and-token-accessor-in-audit-devices/"
}
],
"sourceIdentifier": "security@hashicorp.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-30 15:15
Modified
2024-11-21 06:30
Severity ?
Summary
HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "5A7212FD-695F-4F55-93D2-AD6F55D1B80B",
"versionEndIncluding": "1.7.5",
"versionStartIncluding": "0.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "0F3712FE-1CE9-4FFA-98DC-CA9A3C5B1038",
"versionEndIncluding": "1.7.5",
"versionStartIncluding": "0.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:1.8.4:*:*:*:-:*:*:*",
"matchCriteriaId": "A7D561AF-7DCD-4541-8A63-DCEEDBE8A0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:1.8.4:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "A0D7039E-338E-4F53-A578-7CDBD11F93D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0."
},
{
"lang": "es",
"value": "Las pol\u00edticas ACL templadas de HashiCorp Vault y Vault Enterprise 0.11.0 versiones hasta 1.7.5 y 1.8.4 siempre coincid\u00edan con el primer alias de entidad creado si presentaban varios alias de entidad para una combinaci\u00f3n especificada de entidad y montaje, resultando potencialmente en una aplicaci\u00f3n incorrecta de la pol\u00edtica. Corregido en Vault y Vault Enterprise versiones 1.7.6, 1.8.5 y 1.9.0"
}
],
"id": "CVE-2021-43998",
"lastModified": "2024-11-21T06:30:10.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-30T15:15:07.360",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202207-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-30 01:15
Modified
2024-11-21 07:37
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command.
This issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "2C565DBD-95F4-4951-A029-93ABE5315740",
"versionEndExcluding": "1.11.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "80EB9F32-09A4-469C-AF76-1AE3137EAC1B",
"versionEndExcluding": "1.11.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "446F872F-F64C-44CA-85BC-144FCFBCFA8B",
"versionEndExcluding": "1.12.5",
"versionStartIncluding": "1.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "71A02FE6-C8D4-455D-A71A-C8353E1ECB7C",
"versionEndExcluding": "1.12.5",
"versionStartIncluding": "1.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "81280166-3DF7-4867-95E9-A7AFB9A12CE7",
"versionEndExcluding": "1.13.1",
"versionStartIncluding": "1.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C56E203C-1E18-4395-B500-B6EA695B16C0",
"versionEndExcluding": "1.13.1",
"versionStartIncluding": "1.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command.\n\nThis issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9."
}
],
"id": "CVE-2023-0620",
"lastModified": "2024-11-21T07:37:29.983",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 5.9,
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-30T01:15:07.380",
"references": [
{
"source": "security@hashicorp.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-12-vault-s-microsoft-sql-database-storage-backend-vulnerable-to-sql-injection-via-configuration-file/52080/1"
},
{
"source": "security@hashicorp.com",
"url": "https://security.netapp.com/advisory/ntap-20230526-0008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-12-vault-s-microsoft-sql-database-storage-backend-vulnerable-to-sql-injection-via-configuration-file/52080/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20230526-0008/"
}
],
"sourceIdentifier": "security@hashicorp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-01 16:15
Modified
2024-11-21 05:18
Severity ?
Summary
HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "32DD844D-4C10-450D-9017-D5870DF07738",
"versionEndExcluding": "1.5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "11FF3556-E92E-423B-86E5-175BD43F9192",
"versionEndExcluding": "1.5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "6FA59962-1063-4AA3-8B24-C8C6FD2C7341",
"versionEndExcluding": "1.6.2",
"versionStartIncluding": "1.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "4F85653B-E5DE-4654-A520-1573CD4F46DF",
"versionEndExcluding": "1.6.2",
"versionStartIncluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 \u0026 1.5.7."
},
{
"lang": "es",
"value": "HashiCorp Vault y Vault Enterprise permitieron la enumeraci\u00f3n de rutas de montaje de Secrets Engine por medio de peticiones HTTP no autenticadas.\u0026#xa0;Corregido en las versiones 1.6.2 y 1.5.7"
}
],
"id": "CVE-2020-25594",
"lastModified": "2024-11-21T05:18:11.117",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-01T16:15:12.607",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202207-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-23 13:15
Modified
2024-11-21 04:55
Severity ?
Summary
HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "F0568D06-4FE3-4898-A61D-B46DED3E0163",
"versionEndIncluding": "1.3.3",
"versionStartIncluding": "0.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "CFFA5CFC-88D2-4AE7-B996-3759CDD85D72",
"versionEndIncluding": "1.3.3",
"versionStartIncluding": "0.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4."
},
{
"lang": "es",
"value": "HashiCorp Vault y Vault Enterprise versiones 0.11.0 hasta 1.3.3, pueden bajo determinadas circunstancias, presentar pol\u00edticas de ruta anidadas existentes que otorguen acceso a unos Espacios de Nombres despu\u00e9s de los datos creados. Corregido en versi\u00f3n 1.3.4."
}
],
"id": "CVE-2020-10661",
"lastModified": "2024-11-21T04:55:47.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-23T13:15:13.190",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-08 22:15
Modified
2025-02-13 18:16
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.
Fixed in Vault 1.15.4, 1.14.8, 1.13.12.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*",
"matchCriteriaId": "279420C4-177B-42B2-A4D9-6E9EDA3F1D0E",
"versionEndIncluding": "1.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "B0DB3723-28B2-48CB-9027-9A3AE4C650BD",
"versionEndIncluding": "1.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCBF4C08-0C81-46C1-B9C6-843E07C78E34",
"versionEndExcluding": "1.13.12",
"versionStartIncluding": "1.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "F1B50279-B5C2-442A-AA6B-55DDD19ED8F5",
"versionEndExcluding": "1.13.12",
"versionStartIncluding": "1.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*",
"matchCriteriaId": "885CF0FC-A707-4E8F-BCA8-45BC83FC06EE",
"versionEndExcluding": "1.14.8",
"versionStartIncluding": "1.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "D1BCB828-CA09-433F-96C3-4653B565DF1F",
"versionEndExcluding": "1.14.8",
"versionStartIncluding": "1.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89F657D5-0195-4A10-80B3-C12ACFFA5B0E",
"versionEndExcluding": "1.15.4",
"versionStartIncluding": "1.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "CB94C54C-E891-47FD-8695-DFE0652F0E30",
"versionEndExcluding": "1.15.4",
"versionStartIncluding": "1.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.\n\nFixed in\u00a0Vault 1.15.4, 1.14.8, 1.13.12."
},
{
"lang": "es",
"value": "HashiCorp Vault y Vault Enterprise 1.12.0 y versiones posteriores son vulnerables a una denegaci\u00f3n de servicio debido al agotamiento de la memoria del host cuando se manejan grandes solicitudes HTTP autenticadas y no autenticadas de un cliente. Vault intentar\u00e1 asignar la solicitud a la memoria, lo que provocar\u00e1 que se agote la memoria disponible en el host, lo que puede provocar que Vault falle. Corregido en Vault 1.15.4, 1.14.8, 1.13.12."
}
],
"id": "CVE-2023-6337",
"lastModified": "2025-02-13T18:16:08.143",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-08T22:15:07.713",
"references": [
{
"source": "security@hashicorp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741"
},
{
"source": "security@hashicorp.com",
"url": "https://security.netapp.com/advisory/ntap-20240112-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240112-0006/"
}
],
"sourceIdentifier": "security@hashicorp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-22 17:15
Modified
2024-11-21 06:01
Severity ?
Summary
HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "3E8C2B56-E342-46D5-8D79-37DD75D6D811",
"versionEndExcluding": "1.5.8",
"versionStartIncluding": "1.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "08ED6BDB-15A0-458E-B3D1-4B69592CAC7C",
"versionEndExcluding": "1.5.8",
"versionStartIncluding": "1.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "F0038DAE-0651-4FB2-87F6-D3116B6E25B3",
"versionEndExcluding": "1.6.4",
"versionStartIncluding": "1.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "F5117009-915A-4869-A1F5-3BBA59D9E7E7",
"versionEndExcluding": "1.6.4",
"versionStartIncluding": "1.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "AD8B7C18-6F3A-4609-99FC-AEA2C3DA8A63",
"versionEndExcluding": "1.7.1",
"versionStartIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "E8392A7C-4F72-4B67-BE17-A8DE721EA92E",
"versionEndExcluding": "1.7.1",
"versionStartIncluding": "1.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1."
},
{
"lang": "es",
"value": "HashiCorp Vault y Vault Enterprise versiones 1.5.1 y posteriores, bajo determinadas circunstancias, pueden excluir certificados revocados pero no vencidos de la CRL.\u0026#xa0;Corregido en versiones 1.5.8, 1.6.4 y 1.7.1"
}
],
"id": "CVE-2021-29653",
"lastModified": "2024-11-21T06:01:34.957",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-22T17:15:07.753",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-09-vault-s-pki-engine-crl-may-exclude-revoked-but-unexpired-certificates-after-tidy/23461/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-09-vault-s-pki-engine-crl-may-exclude-revoked-but-unexpired-certificates-after-tidy/23461/2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-01 02:15
Modified
2024-11-21 08:47
Severity ?
4.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*",
"matchCriteriaId": "459B7BA3-5070-4686-9DDD-D3B8ADED0DF8",
"versionEndExcluding": "1.15.5",
"versionStartIncluding": "1.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "B92203A3-1C92-430B-8008-A4FC4745DEEE",
"versionEndExcluding": "1.15.5",
"versionStartIncluding": "1.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vault and Vault Enterprise (\u201cVault\u201d) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`."
},
{
"lang": "es",
"value": "Vault y Vault Enterprise (\u201cVault\u201d) pueden exponer informaci\u00f3n confidencial al habilitar un dispositivo de auditor\u00eda que especifica la opci\u00f3n `log_raw`, que puede registrar informaci\u00f3n confidencial en otros dispositivos de auditor\u00eda, independientemente de si est\u00e1n configurados para usar `log_raw`."
}
],
"id": "CVE-2024-0831",
"lastModified": "2024-11-21T08:47:28.063",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-01T02:15:46.330",
"references": [
{
"source": "security@hashicorp.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://developer.hashicorp.com/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration"
},
{
"source": "security@hashicorp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2024-01-vault-may-expose-sensitive-information-when-configuring-an-audit-log-device/62311"
},
{
"source": "security@hashicorp.com",
"url": "https://security.netapp.com/advisory/ntap-20240223-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://developer.hashicorp.com/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2024-01-vault-may-expose-sensitive-information-when-configuring-an-audit-log-device/62311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240223-0005/"
}
],
"sourceIdentifier": "security@hashicorp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-28 01:15
Modified
2024-11-21 08:18
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:1.12.8:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "569B71B0-54D5-404F-A88D-64962015C309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:1.13.4:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "709FF8A4-0A50-4153-9FD5-F6ECFE12D245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:1.14.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "DB12634A-9B34-44C0-AC11-11120295E3F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unhandled error in Vault Enterprise\u0027s namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9."
}
],
"id": "CVE-2023-3774",
"lastModified": "2024-11-21T08:18:02.143",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-28T01:15:09.820",
"references": [
{
"source": "security@hashicorp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-23-vault-enterprise-namespace-creation-may-lead-to-denial-of-service/56617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-23-vault-enterprise-namespace-creation-may-lead-to-denial-of-service/56617"
}
],
"sourceIdentifier": "security@hashicorp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-248"
}
],
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-22 01:15
Modified
2024-11-21 07:21
Severity ?
Summary
An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "6F7D3568-1DFC-4D7F-9C90-549681303D7A",
"versionEndExcluding": "1.9.9",
"versionStartIncluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "AC692B79-82DB-45CA-9116-45278240AEA7",
"versionEndExcluding": "1.9.9",
"versionStartIncluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A13E5D18-413A-431C-8F68-0A28513AA43F",
"versionEndExcluding": "1.10.6",
"versionStartIncluding": "1.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "518DEF17-CBE0-4799-AF74-B11BEFDE453C",
"versionEndExcluding": "1.10.6",
"versionStartIncluding": "1.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "CBDC6291-4C85-473E-93DA-DE2B7C1C22C8",
"versionEndExcluding": "1.11.3",
"versionStartIncluding": "1.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "8C7238A3-B4B6-4A28-B5EE-AE982B241E43",
"versionEndExcluding": "1.11.3",
"versionStartIncluding": "1.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault."
},
{
"lang": "es",
"value": "Se ha detectado un problema en HashiCorp Vault y Vault Enterprise versiones anteriores a 1.11.3. Se ha encontrado una vulnerabilidad en el Motor de Identidades por la que, en una implementaci\u00f3n en la que una entidad presenta varios accesos de montaje con nombres de alias compartidos, Vault puede sobrescribir los metadatos en el alias incorrecto debido a un problema de comprobaci\u00f3n del alias correcto asignado a una entidad. Esto puede permitir un acceso involuntario a las rutas de clave/valor usando esos metadatos en Vault"
}
],
"id": "CVE-2022-40186",
"lastModified": "2024-11-21T07:21:01.280",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-22T01:15:12.027",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2022-18-vault-entity-alias-metadata-may-leak-between-aliases-with-the-same-name-assigned-to-the-same-entity/44550"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221111-0008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2022-18-vault-entity-alias-metadata-may-leak-between-aliases-with-the-same-name-assigned-to-the-same-entity/44550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221111-0008/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-31 18:15
Modified
2024-11-21 05:58
Severity ?
Summary
HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "3C3C0445-027D-4907-8E8A-CBA653EF5B94",
"versionEndExcluding": "1.6.3",
"versionStartIncluding": "0.9.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3."
},
{
"lang": "es",
"value": "HashiCorp Vault Enterprise versiones 0.9.2 hasta 1.6.2, permit\u00eda la lectura de metadatos de licencia de DR secundarios sin autenticaci\u00f3n. Corregido en versi\u00f3n 1.6.3"
}
],
"id": "CVE-2021-27668",
"lastModified": "2024-11-21T05:58:24.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-31T18:15:07.843",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-05-vault-enterprise-s-dr-secondaries-exposed-license-metadata-without-authentication/21427"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202207-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-05-vault-enterprise-s-dr-secondaries-exposed-license-metadata-without-authentication/21427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-01 20:15
Modified
2025-01-30 16:15
Severity ?
2.5 (Low) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
2.5 (Low) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
2.5 (Low) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
2.5 (Low) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
2.5 (Low) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault’s root key. Fixed in 1.13.2
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "CE468CF8-6DD1-476A-97CC-9FC0252AE726",
"versionEndExcluding": "1.13.2",
"versionStartIncluding": "1.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the\u00a0CKM_AES_CBC_PAD or\u00a0CKM_AES_CBC encryption mechanisms.\u00a0An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault\u2019s root key. Fixed in 1.13.2"
}
],
"id": "CVE-2023-2197",
"lastModified": "2025-01-30T16:15:29.243",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 1.4,
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-01T20:15:14.597",
"references": [
{
"source": "security@hashicorp.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-14-vault-enterprise-vulnerable-to-padding-oracle-attacks-when-using-a-cbc-based-encryption-mechanism-with-a-hsm/53322"
},
{
"source": "security@hashicorp.com",
"url": "https://security.netapp.com/advisory/ntap-20230609-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-14-vault-enterprise-vulnerable-to-padding-oracle-attacks-when-using-a-cbc-based-encryption-mechanism-with-a-hsm/53322"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20230609-0007/"
}
],
"sourceIdentifier": "security@hashicorp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-09 21:15
Modified
2024-11-21 08:42
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8265AC92-59E4-4229-87E8-ABAF9E3DAAF3",
"versionEndExcluding": "1.13.10",
"versionStartIncluding": "1.13.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "9FD3EF12-C2C0-4529-B0AB-08B8F238531D",
"versionEndExcluding": "1.13.10",
"versionStartIncluding": "1.13.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "38120A49-ED14-4C8C-9A0A-BA040D48C4E7",
"versionEndExcluding": "1.14.6",
"versionStartIncluding": "1.14.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "ABC1488F-D1BA-4C98-98E0-DAFE9BE205A1",
"versionEndExcluding": "1.14.6",
"versionStartIncluding": "1.14.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "1C9C9A12-4062-4968-BE87-1B07A789A7D3",
"versionEndExcluding": "1.15.2",
"versionStartIncluding": "1.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "2D3F2482-2783-49B2-888B-AC99FEE976EA",
"versionEndExcluding": "1.15.2",
"versionStartIncluding": "1.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10."
},
{
"lang": "es",
"value": "Las solicitudes de clientes entrantes de HashiCorp Vault y Vault Enterprise que activan una verificaci\u00f3n de pol\u00edticas pueden provocar un consumo ilimitado de memoria. Un gran n\u00famero de estas solicitudes pueden dar lugar a una denegaci\u00f3n de servicio. Corregido en Vault 1.15.2, 1.14.6 y 1.13.10."
}
],
"id": "CVE-2023-5954",
"lastModified": "2024-11-21T08:42:51.270",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-09T21:15:25.143",
"references": [
{
"source": "security@hashicorp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-33-vault-requests-triggering-policy-checks-may-lead-to-unbounded-memory-consumption/59926"
},
{
"source": "security@hashicorp.com",
"url": "https://security.netapp.com/advisory/ntap-20231227-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-33-vault-requests-triggering-policy-checks-may-lead-to-unbounded-memory-consumption/59926"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20231227-0001/"
}
],
"sourceIdentifier": "security@hashicorp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-17 05:15
Modified
2024-11-21 05:26
Severity ?
Summary
HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8BBE5051-FDC2-490C-A8FE-7134B02ADA31",
"versionEndExcluding": "1.5.6",
"versionStartIncluding": "1.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "FC2B5308-C3D8-4BB6-BE29-ECFA0262A4C9",
"versionEndExcluding": "1.5.6",
"versionStartIncluding": "1.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "C9C83375-2E73-4F4F-8913-77BA05950C9B",
"versionEndExcluding": "1.6.1",
"versionStartIncluding": "1.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "9AFA38F7-04B2-44AF-A1C9-F11EAC86D89D",
"versionEndExcluding": "1.6.1",
"versionStartIncluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1."
},
{
"lang": "es",
"value": "HashiCorp Vault y Vault Enterprise 1.4.1 y m\u00e1s recientes permitieron la enumeraci\u00f3n de usuarios por medio del m\u00e9todo de autenticaci\u00f3n LDAP. Corregido en versiones 1.5.6 y 1.6.1"
}
],
"id": "CVE-2020-35177",
"lastModified": "2024-11-21T05:26:54.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-17T05:15:10.737",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-01 16:15
Modified
2024-11-21 06:21
Severity ?
Summary
HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A127E5E5-AD2A-4911-8A87-0951B7A4A249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB42CDF-DDC0-4575-8516-CE3B42FECB98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault Enterprise 1.6.0 \u0026 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2."
},
{
"lang": "es",
"value": "HashiCorp Vault Enterprise versiones 1.6.0 y 1.6.1, permitieron que el comando del operador raft \"remove-peer\" sea ejecutado contra los secundarios de DR sin autenticaci\u00f3n.\u0026#xa0;Corregido en la versi\u00f3n 1.6.2"
}
],
"id": "CVE-2021-3282",
"lastModified": "2024-11-21T06:21:12.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-01T16:15:13.280",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-04-vault-enterprise-s-dr-secondaries-allowed-raft-peer-removal-without-authentication/20337"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202207-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-04-vault-enterprise-s-dr-secondaries-allowed-raft-peer-removal-without-authentication/20337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-17 18:15
Modified
2024-11-21 07:03
Severity ?
Summary
HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://discuss.hashicorp.com | Vendor Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/202207-01 | Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20220629-0006/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://discuss.hashicorp.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202207-01 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220629-0006/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "604973B7-EDDA-41D5-B6E6-C11A1560FB40",
"versionEndExcluding": "1.10.3",
"versionStartIncluding": "1.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "DF292C97-3785-4305-AAB5-2DCEC65681AE",
"versionEndExcluding": "1.10.3",
"versionStartIncluding": "1.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3."
},
{
"lang": "es",
"value": "HashiCorp Vault y Vault Enterprise desde la versi\u00f3n 1.10.0 hasta 1.10.2 no configuraban ni aplicaban correctamente la MFA en el inicio de sesi\u00f3n tras el reinicio del servidor. Esto afecta a la funci\u00f3n MFA de inicio de sesi\u00f3n introducida en Vault y Vault Enterprise versi\u00f3n 1.10.0 y no afecta al conjunto de funciones MFA de Enterprise por separado. Corregido en versi\u00f3n 1.10.3"
}
],
"id": "CVE-2022-30689",
"lastModified": "2024-11-21T07:03:10.537",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-17T18:15:08.777",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202207-01"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220629-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202207-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220629-0006/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-03 11:15
Modified
2024-11-21 06:07
Severity ?
Summary
HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "14A9B0B2-7CB2-4C58-A533-C8B8A384B9E7",
"versionEndExcluding": "1.5.9",
"versionStartIncluding": "0.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "0A1393FB-B347-43B0-B385-778DB91EE17D",
"versionEndExcluding": "1.5.9",
"versionStartIncluding": "0.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "982EA447-6427-441A-969C-F15CA795CB2E",
"versionEndExcluding": "1.6.5",
"versionStartIncluding": "1.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "3AD3802D-3031-4639-B4F6-ECB64F776333",
"versionEndExcluding": "1.6.5",
"versionStartIncluding": "1.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "B0BC9967-86A5-47F4-86A5-35B32A677BA6",
"versionEndExcluding": "1.7.2",
"versionStartIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "E6D1D690-7B01-483A-AF34-F26AAE923A43",
"versionEndExcluding": "1.7.2",
"versionStartIncluding": "1.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2."
},
{
"lang": "es",
"value": "HashiCorp Vault y Vault Enterprise permit\u00edan la renovaci\u00f3n de los contratos de alquiler de tokens casi caducados y de los contratos de alquiler de secretos din\u00e1micos (concretamente, los que estaban a menos de 1 segundo de su TTL m\u00e1ximo), lo que caus\u00f3 que sean incorrectamente tratados como no caducados durante su uso posterior. Corregido en versiones 1.5.9, 1.6.5 y 1.7.2"
}
],
"id": "CVE-2021-32923",
"lastModified": "2024-11-21T06:07:56.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-03T11:15:08.737",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-15-vault-renewed-nearly-expired-leases-with-incorrect-non-expiring-ttls/24603"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202207-01"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-15-vault-renewed-nearly-expired-leases-with-incorrect-non-expiring-ttls/24603"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202207-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-30 01:15
Modified
2024-11-21 07:37
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Summary
HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "2C565DBD-95F4-4951-A029-93ABE5315740",
"versionEndExcluding": "1.11.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "80EB9F32-09A4-469C-AF76-1AE3137EAC1B",
"versionEndExcluding": "1.11.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "446F872F-F64C-44CA-85BC-144FCFBCFA8B",
"versionEndExcluding": "1.12.5",
"versionStartIncluding": "1.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "71A02FE6-C8D4-455D-A71A-C8353E1ECB7C",
"versionEndExcluding": "1.12.5",
"versionStartIncluding": "1.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "81280166-3DF7-4867-95E9-A7AFB9A12CE7",
"versionEndExcluding": "1.13.1",
"versionStartIncluding": "1.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C56E203C-1E18-4395-B500-B6EA695B16C0",
"versionEndExcluding": "1.13.1",
"versionStartIncluding": "1.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault\u0027s PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9."
}
],
"id": "CVE-2023-0665",
"lastModified": "2024-11-21T07:37:35.217",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-30T01:15:07.437",
"references": [
{
"source": "security@hashicorp.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1"
},
{
"source": "security@hashicorp.com",
"url": "https://security.netapp.com/advisory/ntap-20230526-0008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20230526-0008/"
}
],
"sourceIdentifier": "security@hashicorp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-09 17:15
Modified
2024-11-21 07:57
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "9A558837-B608-49F9-848A-8C346FC49976",
"versionEndExcluding": "1.11.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "0035DEF4-A8BD-4C1E-A97E-780B43A78004",
"versionEndExcluding": "1.11.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "429152A2-A76E-43F9-B172-D571E031131C",
"versionEndExcluding": "1.12.7",
"versionStartIncluding": "1.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "112FE0EC-825F-495C-96D0-4F8D2D86285B",
"versionEndExcluding": "1.12.7",
"versionStartIncluding": "1.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "B38C690C-88AF-40ED-A3B7-C9C571198529",
"versionEndExcluding": "1.13.3",
"versionStartIncluding": "1.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "E4A2970F-D07A-4847-BDFE-8C57BCBF0C62",
"versionEndExcluding": "1.13.3",
"versionStartIncluding": "1.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vault and Vault Enterprise\u0027s (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11."
}
],
"id": "CVE-2023-2121",
"lastModified": "2024-11-21T07:57:58.620",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-09T17:15:09.467",
"references": [
{
"source": "security@hashicorp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-17-vault-s-kv-diff-viewer-allowed-html-injection/54814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-17-vault-s-kv-diff-viewer-allowed-html-injection/54814"
}
],
"sourceIdentifier": "security@hashicorp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-12 21:15
Modified
2024-11-21 07:23
Severity ?
Summary
HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A83AB9F6-6662-440E-81EB-3C62B75C5BB8",
"versionEndExcluding": "1.9.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "8D2BFA44-9C1C-47E9-9A45-60AB128E17BF",
"versionEndExcluding": "1.9.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "1D91D270-5EFB-45A6-ACEF-DDCEFDCCFEC9",
"versionEndExcluding": "1.10.7",
"versionStartIncluding": "1.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "3CFBD5A4-3C11-4980-A007-912156790844",
"versionEndExcluding": "1.10.7",
"versionStartIncluding": "1.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "45D5EC99-1403-4ACB-BD8D-A7D1ED6D31D9",
"versionEndExcluding": "1.11.4",
"versionStartIncluding": "1.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "225236BD-A091-472C-9CCD-FCD7753A4E0D",
"versionEndExcluding": "1.11.4",
"versionStartIncluding": "1.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise\u2019s TLS certificate auth method did not initially load the optionally configured CRL issued by the role\u0027s CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10."
},
{
"lang": "es",
"value": "El m\u00e9todo de autenticaci\u00f3n de certificados TLS de HashiCorp Vault y Vault Enterprise no cargaba inicialmente la CRL configurada opcionalmente y emitida por la CA del rol en la memoria al iniciarse, resultando en que no se comprobara la lista de revocaci\u00f3n si la CRL a\u00fan no era recuperada. Corregido en versiones 1.12.0, 1.11.4, 1.10.7 y 1.9.10"
}
],
"id": "CVE-2022-41316",
"lastModified": "2024-11-21T07:23:01.917",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-12T21:15:09.857",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2022-24-vaults-tls-cert-auth-method-only-loaded-crl-after-first-request/45483"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221201-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2022-24-vaults-tls-cert-auth-method-only-loaded-crl-after-first-request/45483"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221201-0001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-10 19:15
Modified
2024-11-21 05:00
Severity ?
Summary
HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020 | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.hashicorp.com/blog/category/vault/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.hashicorp.com/blog/category/vault/ | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "AFE1B675-B382-4D1E-BC7B-485C14FE8A44",
"versionEndExcluding": "1.3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "6F97F1E0-06E3-4793-B71F-B0C24D1C674A",
"versionEndExcluding": "1.4.2",
"versionStartIncluding": "1.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "1CD6F1BC-31A4-4642-8982-EBD5B380A603",
"versionEndExcluding": "1.3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "FA54C14C-F7C4-4F67-8296-A51845AB63D8",
"versionEndExcluding": "1.4.2",
"versionStartIncluding": "1.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2."
},
{
"lang": "es",
"value": "HashiCorp Vault y Vault Enterprise registraron variables de entorno proxy que inclu\u00edan potencialmente credenciales sensibles. Fijado en las versiones 1.3.6 y 1.4.2"
}
],
"id": "CVE-2020-13223",
"lastModified": "2024-11-21T05:00:49.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-10T19:15:09.727",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-10 19:15
Modified
2024-11-21 05:00
Severity ?
Summary
HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. This may lead to generated GCP credentials being valid for longer than intended. Fixed in 1.4.2.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020 | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.hashicorp.com/blog/category/vault/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.hashicorp.com/blog/category/vault/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "FA54C14C-F7C4-4F67-8296-A51845AB63D8",
"versionEndExcluding": "1.4.2",
"versionStartIncluding": "1.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "6F97F1E0-06E3-4793-B71F-B0C24D1C674A",
"versionEndExcluding": "1.4.2",
"versionStartIncluding": "1.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. This may lead to generated GCP credentials being valid for longer than intended. Fixed in 1.4.2."
},
{
"lang": "es",
"value": "HashiCorp Vault y Vault Enterprise versi\u00f3n 1.4.0 y versi\u00f3n 1.4.1, cuando se configuran con el Motor de Secretos GCP, pueden generar incorrectamente Credenciales GCP con la duraci\u00f3n de alquiler predeterminada en lugar de la configuraci\u00f3n del motor. Esto puede llevar a que las credenciales de BPC generadas sean v\u00e1lidas durante m\u00e1s tiempo del previsto. Corregido en la versi\u00f3n 1.4.2"
}
],
"id": "CVE-2020-12757",
"lastModified": "2024-11-21T05:00:13.213",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-10T19:15:09.647",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-26 15:15
Modified
2024-11-21 05:07
Severity ?
Summary
HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151 | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://www.hashicorp.com/blog/category/vault/ | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.hashicorp.com/blog/category/vault/ | Product, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "85BEB94C-3B3C-4088-9E5E-85877E1F6497",
"versionEndExcluding": "1.2.5",
"versionStartIncluding": "0.8.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "269A36BC-B728-4AFA-B08B-0C04B22DFEC9",
"versionEndExcluding": "1.3.8",
"versionStartIncluding": "1.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "68A9A5AE-CC39-4296-95AF-6E2C13C64C51",
"versionEndExcluding": "1.4.4",
"versionStartIncluding": "1.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "6813A54F-6259-40AA-BBF5-90DB0480813D",
"versionEndExcluding": "1.5.1",
"versionStartIncluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A21DD5AC-CEBA-4AC2-9CD2-42F40DB11C06",
"versionEndExcluding": "1.2.5",
"versionStartIncluding": "0.8.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "78915E16-7E2F-4DDA-89FF-1751B6546FC2",
"versionEndExcluding": "1.3.8",
"versionStartIncluding": "1.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "E03B11E5-953A-4D0E-A75C-87F43BE0F323",
"versionEndExcluding": "1.4.4",
"versionStartIncluding": "1.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "894E4573-D9DF-4357-AAA8-50CA95A4CD2B",
"versionEndExcluding": "1.5.1",
"versionStartIncluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1."
},
{
"lang": "es",
"value": "HashiCorp Vault y Vault Enterprise versiones 0.8.3 y posteriores, cuando son configuradas con el m\u00e9todo de autenticaci\u00f3n GCP GCE, pueden ser vulnerables a una omisi\u00f3n de autenticaci\u00f3n. Corregido en las versiones 1.2.5, 1.3.8, 1.4.4 y 1.5.1"
}
],
"id": "CVE-2020-16251",
"lastModified": "2024-11-21T05:07:01.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-26T15:15:12.913",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-23 13:15
Modified
2024-11-21 04:55
Severity ?
Summary
HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "11BD6F5D-C0B7-4355-B4F3-E24A7D69D41D",
"versionEndIncluding": "1.3.3",
"versionStartIncluding": "0.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "5A05972B-DC6F-4846-B2C1-D226F303874B",
"versionEndIncluding": "1.3.3",
"versionStartIncluding": "0.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity\u0027s Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4."
},
{
"lang": "es",
"value": "HashiCorp Vault y Vault Enterprise versiones 0.9.0 hasta 1.3.3, pueden bajo determinadas circunstancias, presentar una membres\u00eda Entity\u0027s Group que inadvertidamente incluye Grupos a los que la Entidad ya no tiene permiso. Corregido en 1.3.4."
}
],
"id": "CVE-2020-10660",
"lastModified": "2024-11-21T04:55:47.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-23T13:15:13.127",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-08 17:15
Modified
2024-11-21 06:26
Severity ?
2.9 (Low) - CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "F2364D80-5C09-4C00-A6A0-D0A6F472A89F",
"versionEndExcluding": "1.7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "6AACA6FE-8D99-4123-A5F8-FF54411E428A",
"versionEndExcluding": "1.7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "BE022CF4-2E6E-44C8-BBEF-DA15F280FE31",
"versionEndExcluding": "1.8.4",
"versionStartIncluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "05A41093-704E-45F3-AEB2-435AA30FA377",
"versionEndExcluding": "1.8.4",
"versionStartIncluding": "1.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user\u2019s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4."
},
{
"lang": "es",
"value": "HashiCorp Vault y Vault Enterprise versiones hasta 1.7.4 y 1.8.3, permit\u00edan que un usuario con permiso de escritura en un ID de alias de entidad que compart\u00eda un accesorio de montaje con otro usuario adquiriera las pol\u00edticas de este otro usuario al fusionar sus identidades. Corregido en Vault y Vault Enterprise versiones 1.7.5 y 1.8.4"
}
],
"id": "CVE-2021-41802",
"lastModified": "2024-11-21T06:26:47.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-08T17:15:07.853",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202207-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-17 14:15
Modified
2024-11-21 06:31
Severity ?
Summary
In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "6E0E2E1B-2244-4D62-B8E3-AE799D0AD7FD",
"versionEndExcluding": "1.7.7",
"versionStartIncluding": "1.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "0484B927-09B0-40E8-B77A-43418C610E65",
"versionEndExcluding": "1.7.7",
"versionStartIncluding": "1.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "6591677D-48B8-4A98-B23A-F34154E0E160",
"versionEndExcluding": "1.8.6",
"versionStartIncluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "D61C130D-AE26-4098-A843-761464BAAAAB",
"versionEndExcluding": "1.8.6",
"versionStartIncluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:1.9.0:*:*:*:-:*:*:*",
"matchCriteriaId": "8CCA5BF6-13A5-4FC7-9C59-8D9F02A95031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:1.9.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "B326A8B9-BA42-4184-B1D5-D549387C9E3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0."
},
{
"lang": "es",
"value": "En HashiCorp Vault y Vault Enterprise versiones anteriores a 1.7.7, 1.8.x anteriores a 1.8.6 y 1.9.x anteriores a 1.9.1, los clusters que usaban el backend de almacenamiento integrado permit\u00edan a un usuario autenticado (con permisos de escritura en un motor de secretos kv) causar un p\u00e1nico y una denegaci\u00f3n de servicio del backend de almacenamiento. La primera versi\u00f3n afectada es la 1.4.0"
}
],
"id": "CVE-2021-45042",
"lastModified": "2024-11-21T06:31:51.180",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-17T14:15:07.667",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec2-21-33-vault-s-kv-secrets-engine-with-integrated-storage-exposed-to-authenticated-denial-of-service/33157"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202207-01"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.hashicorp.com/blog/category/vault"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec2-21-33-vault-s-kv-secrets-engine-with-integrated-storage-exposed-to-authenticated-denial-of-service/33157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202207-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.hashicorp.com/blog/category/vault"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-17 05:15
Modified
2024-11-21 05:27
Severity ?
Summary
HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8BBE5051-FDC2-490C-A8FE-7134B02ADA31",
"versionEndExcluding": "1.5.6",
"versionStartIncluding": "1.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "FC2B5308-C3D8-4BB6-BE29-ECFA0262A4C9",
"versionEndExcluding": "1.5.6",
"versionStartIncluding": "1.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "C9C83375-2E73-4F4F-8913-77BA05950C9B",
"versionEndExcluding": "1.6.1",
"versionStartIncluding": "1.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "9AFA38F7-04B2-44AF-A1C9-F11EAC86D89D",
"versionEndExcluding": "1.6.1",
"versionStartIncluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault Enterprise\u2019s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1."
},
{
"lang": "es",
"value": "La funcionalidad de la pol\u00edtica Sentinel EGP de HashiCorp Vault Enterprise, permit\u00eda incorrectamente peticiones a ser procesadas en los espacios de nombres de parent y sibling.\u0026#xa0;Corregido en versiones 1.5.6 y 1.6.1"
}
],
"id": "CVE-2020-35453",
"lastModified": "2024-11-21T05:27:18.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-17T05:15:10.860",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2020-24-vault-enterprise-s-sentinel-egp-policies-may-impact-parent-or-sibling-namespaces/18983"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2020-24-vault-enterprise-s-sentinel-egp-policies-may-impact-parent-or-sibling-namespaces/18983"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-29 00:15
Modified
2024-11-21 08:41
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "02EC9823-2E05-40AF-A186-D9344AC76FA5",
"versionEndExcluding": "1.13.0",
"versionStartIncluding": "0.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "EB660653-154B-4CD8-A7BA-8814C9536616",
"versionEndExcluding": "1.13.0",
"versionStartIncluding": "0.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Vault and Vault Enterprise (\"Vault\") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0."
},
{
"lang": "es",
"value": "El engine de los secretos en Vault and Vault Enterprise (\"Vault\") Google Cloud no conserv\u00f3 la existencia de Google Cloud IAM Conditions al crear o actualizar conjuntos de roles. Corregido en Vault 1.13.0."
}
],
"id": "CVE-2023-5077",
"lastModified": "2024-11-21T08:41:01.217",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 6.0,
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-29T00:15:12.693",
"references": [
{
"source": "security@hashicorp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-30-vault-s-google-cloud-secrets-engine-removed-existing-iam-conditions-when-creating-updating-rolesets/58654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-30-vault-s-google-cloud-secrets-engine-removed-existing-iam-conditions-when-creating-updating-rolesets/58654"
}
],
"sourceIdentifier": "security@hashicorp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-266"
}
],
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-26 23:15
Modified
2024-11-21 07:12
Severity ?
Summary
HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. Fixed in Vault Enterprise 1.9.8, 1.10.5, and 1.11.1.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C61A9B98-537D-4B3E-B8DB-2B745F194602",
"versionEndIncluding": "1.9.7",
"versionStartIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BF15D42-012D-42E2-94A8-41CB79AA1630",
"versionEndIncluding": "1.10.4",
"versionStartIncluding": "1.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:1.11.0:*:*:*:-:*:*:*",
"matchCriteriaId": "5374E2F4-F912-461D-A59B-1C5D474EB1FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:1.11.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "DD2B7644-DDE6-46EA-BF39-3DD2087AD9E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. Fixed in Vault Enterprise 1.9.8, 1.10.5, and 1.11.1."
},
{
"lang": "es",
"value": "Los cl\u00fasteres de HashiCorp Vault Enterprise 1.7.0 a 1.9.7, 1.10.4 y 1.11.0 que utilizan Integrated Storage exponen un punto final de API no autenticado que podr\u00eda ser abusado para anular el estado de votante de un nodo dentro de un cl\u00faster de Vault HA, introduciendo la posibilidad de una futura p\u00e9rdida de datos o un fallo catastr\u00f3fico. Corregido en Vault Enterprise 1.9.8, 1.10.5 y 1.11.1"
}
],
"id": "CVE-2022-36129",
"lastModified": "2024-11-21T07:12:27.497",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-26T23:15:08.337",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2022-15-vault-enterprise-does-not-verify-existing-voter-status-when-joining-an-integrated-storage-ha-node/42420"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20220901-0011/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2022-15-vault-enterprise-does-not-verify-existing-voter-status-when-joining-an-integrated-storage-ha-node/42420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20220901-0011/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-10 17:47
Modified
2024-11-21 06:51
Severity ?
Summary
Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "D5B10A87-F01B-42DF-BA0A-DBDC987FF555",
"versionEndExcluding": "1.7.10",
"versionStartIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "0B587CFF-3ADF-4401-87BA-3D1C2D4EBFCA",
"versionEndExcluding": "1.8.9",
"versionStartIncluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "EED439A5-987B-4223-8505-48BFF3728B5D",
"versionEndExcluding": "1.9.4",
"versionStartIncluding": "1.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10."
},
{
"lang": "es",
"value": "Los cl\u00fasteres de Vault Enterprise usando la funcionalidad tokenization transform pueden exponer la clave de tokenizaci\u00f3n mediante el endpoint de configuraci\u00f3n de la clave de tokenizaci\u00f3n a operadores autorizados con permisos \"read\" en este endpoint. Corregido en Vault Enterprise versiones 1.9.4, 1.8.9 y 1.7.10"
}
],
"id": "CVE-2022-25244",
"lastModified": "2024-11-21T06:51:52.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-10T17:47:06.993",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2022-08-vault-enterprise-s-tokenization-transform-configuration-endpoint-may-expose-transform-key/36599"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2022-08-vault-enterprise-s-tokenization-transform-configuration-endpoint-may-expose-transform-key/36599"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-26 15:15
Modified
2024-11-21 05:07
Severity ?
Summary
HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1..
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151 | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.hashicorp.com/blog/category/vault/ | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.hashicorp.com/blog/category/vault/ | Product, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D2494214-E6B2-4322-AA79-CC4AE1959760",
"versionEndExcluding": "1.2.5",
"versionStartIncluding": "0.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "24DC6241-A2AA-45DD-B2E9-82DEE9FF0DB2",
"versionEndExcluding": "1.2.5",
"versionStartIncluding": "0.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "78915E16-7E2F-4DDA-89FF-1751B6546FC2",
"versionEndExcluding": "1.3.8",
"versionStartIncluding": "1.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "269A36BC-B728-4AFA-B08B-0C04B22DFEC9",
"versionEndExcluding": "1.3.8",
"versionStartIncluding": "1.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "E03B11E5-953A-4D0E-A75C-87F43BE0F323",
"versionEndExcluding": "1.4.4",
"versionStartIncluding": "1.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "68A9A5AE-CC39-4296-95AF-6E2C13C64C51",
"versionEndExcluding": "1.4.4",
"versionStartIncluding": "1.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "894E4573-D9DF-4357-AAA8-50CA95A4CD2B",
"versionEndExcluding": "1.5.1",
"versionStartIncluding": "1.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "6813A54F-6259-40AA-BBF5-90DB0480813D",
"versionEndExcluding": "1.5.1",
"versionStartIncluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.."
},
{
"lang": "es",
"value": "HashiCorp Vault y Vault Enterprise versiones 0.7.1 y posteriores, cuando son configuradas con el m\u00e9todo de autenticaci\u00f3n AWS IAM, pueden ser vulnerables a una omisi\u00f3n de autenticaci\u00f3n. Corregido en 1.2.5, 1.3.8, 1.4.4 y 1.5.1.."
}
],
"id": "CVE-2020-16250",
"lastModified": "2024-11-21T05:07:01.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-26T15:15:12.850",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-290"
},
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-10 17:47
Modified
2024-11-21 06:51
Severity ?
Summary
"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "7256A02C-3F6E-43A6-9D9C-8714434DDA1B",
"versionEndExcluding": "1.8.9",
"versionStartIncluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "0B587CFF-3ADF-4401-87BA-3D1C2D4EBFCA",
"versionEndExcluding": "1.8.9",
"versionStartIncluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "995C47FF-0CE7-4438-85D5-325F715B0BAA",
"versionEndExcluding": "1.9.4",
"versionStartIncluding": "1.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "EED439A5-987B-4223-8505-48BFF3728B5D",
"versionEndExcluding": "1.9.4",
"versionStartIncluding": "1.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4."
},
{
"lang": "es",
"value": "Vault y Vault Enterprise versiones 1.8.0 a 1.8.8, y 1.9.3, permit\u00edan que el motor de secretos PKI, bajo determinadas configuraciones, emitiera certificados comod\u00edn a usuarios autorizados para un dominio especificado, incluso si el atributo de la pol\u00edtica de rol PKI allow_subdomains est\u00e1 establecido en falso. Corregido en Vault Enterprise versiones 1.8.9 y 1.9.4"
}
],
"id": "CVE-2022-25243",
"lastModified": "2024-11-21T06:51:51.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-10T17:47:06.927",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2022-09-vault-pki-secrets-engine-policy-results-in-incorrect-wildcard-certificate-issuance/36600"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202207-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2022-09-vault-pki-secrets-engine-policy-results-in-incorrect-wildcard-certificate-issuance/36600"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-13 16:15
Modified
2024-11-21 06:17
Severity ?
Summary
HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "2A199FE0-3F86-46A9-B09C-4F9F1F9F9DBC",
"versionEndExcluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "A49A8BD3-0C2A-4C51-A8D3-940CBD8C59B1",
"versionEndExcluding": "1.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise\u2019s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases."
},
{
"lang": "es",
"value": "La interfaz de usuario de HashiCorp Vault y Vault Enterprise almacenaba err\u00f3neamente en cach\u00e9 y expon\u00eda los secretos visualizados por el usuario entre sesiones en un mismo navegador compartido. Corregido en versi\u00f3n 1.8.0 y en versiones pendientes 1.7.4 / 1.6.6."
}
],
"id": "CVE-2021-38554",
"lastModified": "2024-11-21T06:17:25.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-13T16:15:08.117",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202207-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-212"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-10 21:15
Modified
2024-10-18 20:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "7C3A4160-F4D5-4447-B637-ADB46ECA6191",
"versionEndIncluding": "1.17.7",
"versionStartIncluding": "1.7.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "B1A3560F-6E15-4CB4-AD63-019E7C499369",
"versionEndExcluding": "1.18.0",
"versionStartIncluding": "1.7.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "6A11834C-76C4-4D8A-8493-D2331334B823",
"versionEndExcluding": "1.15.16",
"versionStartIncluding": "1.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "137EE5AE-4532-40C5-AAFD-45BC897A216C",
"versionEndExcluding": "1.16.11",
"versionStartIncluding": "1.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privileged Vault operator with write permissions to the root namespace\u2019s identity endpoint could escalate their own or another user\u2019s privileges to Vault\u2019s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16."
},
{
"lang": "es",
"value": "Un operador de Vault privilegiado con permisos de escritura en el endpoint de identidad del espacio de nombres ra\u00edz podr\u00eda escalar sus privilegios a la pol\u00edtica ra\u00edz de Vault. Corregido en Vault Community Edition 1.18.0 y Vault Enterprise 1.18.0, 1.17.7, 1.16.11 y 1.15.16."
}
],
"id": "CVE-2024-9180",
"lastModified": "2024-10-18T20:15:03.393",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-10T21:15:05.010",
"references": [
{
"source": "security@hashicorp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2024-21-vault-operators-in-root-namespace-may-elevate-their-privileges/70565"
}
],
"sourceIdentifier": "security@hashicorp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-266"
}
],
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-11 03:15
Modified
2024-11-21 06:27
Severity ?
Summary
HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "A969F70A-A0A5-4F1E-9B59-554F034FA785",
"versionEndIncluding": "1.8.4",
"versionStartIncluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "E61B9141-843A-4039-9B4F-4A3443C9023C",
"versionEndIncluding": "1.8.4",
"versionStartIncluding": "1.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials."
},
{
"lang": "es",
"value": "HashiCorp Vault y Vault Enterprise versiones 1.8.x a 1.8.4, pueden tener una interacci\u00f3n inesperada entre las pol\u00edticas relacionadas con glob y el motor de secretos de Google Cloud. Los usuarios pueden, en algunas situaciones, tener m\u00e1s privilegios de los previstos, por ejemplo, un usuario con permiso de lectura para la ruta /gcp/roleset/* puede ser capaz de emitir credenciales de cuentas de servicio de Google Cloud"
}
],
"id": "CVE-2021-42135",
"lastModified": "2024-11-21T06:27:20.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-11T03:15:06.760",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-28-vaults-google-cloud-secrets-engine-policies-with-globs-may-provide-additional-privileges-in-vault-1-8-0-onwards/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-28-vaults-google-cloud-secrets-engine-policies-with-globs-may-provide-additional-privileges-in-vault-1-8-0-onwards/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-31 23:15
Modified
2024-11-21 08:17
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "DF8B4175-8E60-4169-9D10-FE924EB1516C",
"versionEndExcluding": "1.13.5",
"versionStartIncluding": "1.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "EBC19EB3-A5B0-4165-BB49-763953AC2369",
"versionEndExcluding": "1.13.5",
"versionStartIncluding": "1.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:1.14.0:*:*:*:-:*:*:*",
"matchCriteriaId": "3DFB14EC-487C-454C-A712-10085D897748",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:1.14.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "DB12634A-9B34-44C0-AC11-11120295E3F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp\u0027s Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5."
}
],
"id": "CVE-2023-3462",
"lastModified": "2024-11-21T08:17:19.147",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-31T23:15:10.360",
"references": [
{
"source": "security@hashicorp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714"
}
],
"sourceIdentifier": "security@hashicorp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-23 18:15
Modified
2024-11-21 05:36
Severity ?
Summary
HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "900FA9AF-7865-4166-A3E6-8315B19D23A9",
"versionEndExcluding": "1.3.2",
"versionStartIncluding": "0.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2."
},
{
"lang": "es",
"value": "HashiCorp Vault Enterprise versiones 0.11.0 hasta 1.3.1 presenta un fallo, en determinadas circunstancias, al revocar secretos din\u00e1micos para un montaje en un espacio de nombres eliminado. Corregido en versi\u00f3n 1.3.2."
}
],
"id": "CVE-2020-7220",
"lastModified": "2024-11-21T05:36:51.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-23T18:15:14.930",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.hashicorp.com/blog/category/vault/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-29 00:15
Modified
2024-11-21 08:18
Severity ?
4.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "648748AE-3BBB-4918-AF7A-5261B36B851E",
"versionEndExcluding": "1.13.8",
"versionStartIncluding": "0.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "6950375D-91C1-46D3-8554-22D710C6FC8E",
"versionEndExcluding": "1.14.4",
"versionStartIncluding": "1.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8."
},
{
"lang": "es",
"value": "Vault Enterprise Sentinel Role Governing Policy creada por un operador para restringir el acceso a los recursos en un espacio de nombres se puede aplicar a solicitudes externas en otro espacio de nombres no descendiente, lo que podr\u00eda provocar una denegaci\u00f3n de servicio. Corregido en Vault Enterprise 1.15.0, 1.14.4, 1.13.8."
}
],
"id": "CVE-2023-3775",
"lastModified": "2024-11-21T08:18:02.273",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 3.6,
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-29T00:15:12.543",
"references": [
{
"source": "security@hashicorp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-29-vault-enterprise-s-sentinel-rgp-policies-allowed-for-cross-namespace-denial-of-service/58653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-29-vault-enterprise-s-sentinel-rgp-policies-allowed-for-cross-namespace-denial-of-service/58653"
}
],
"sourceIdentifier": "security@hashicorp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-266"
}
],
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-11 00:15
Modified
2024-11-21 07:48
Severity ?
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "9F8302EA-93E3-4181-8616-04598ED0C598",
"versionEndExcluding": "1.10.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "7C538086-CAAD-4E99-A250-2B51F7D4FA70",
"versionEndExcluding": "1.10.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "6B9B93DD-17A5-4230-AD7D-C1D96046A73D",
"versionEndExcluding": "1.11.8",
"versionStartIncluding": "1.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "FC94042C-B42F-4F60-92E7-5ECF0F0ABFD9",
"versionEndExcluding": "1.11.8",
"versionStartIncluding": "1.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "90C9579E-35EE-4DCE-96F6-DF64B52BBDE6",
"versionEndExcluding": "1.12.4",
"versionStartIncluding": "1.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "DE915EDC-95E7-4D29-AA3E-7D41108275F4",
"versionEndExcluding": "1.12.4",
"versionStartIncluding": "1.12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise\u2019s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above."
}
],
"id": "CVE-2023-24999",
"lastModified": "2024-11-21T07:48:54.297",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6,
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-11T00:15:09.410",
"references": [
{
"source": "security@hashicorp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305"
},
{
"source": "security@hashicorp.com",
"url": "https://security.netapp.com/advisory/ntap-20230505-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20230505-0001/"
}
],
"sourceIdentifier": "security@hashicorp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-17 02:15
Modified
2024-11-21 05:26
Severity ?
Summary
The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/koharin/koharin2/blob/main/CVE-2020-35192 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/koharin/koharin2/blob/main/CVE-2020-35192 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A3DF987-5D7D-45D5-9AA6-E658311512CE",
"versionEndExcluding": "0.11.6",
"versionStartIncluding": "0.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password."
},
{
"lang": "es",
"value": "Las im\u00e1genes de docker de official vault versiones anteriores a 0.11.6, contienen una contrase\u00f1a en blanco para un usuario root.\u0026#xa0;El sistema que usa el contenedor de docker vault implementado por unas versiones afectadas de la imagen de docker puede permitir a un atacante remoto conseguir acceso root con una contrase\u00f1a en blanco"
}
],
"id": "CVE-2020-35192",
"lastModified": "2024-11-21T05:26:55.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-17T02:15:13.177",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35192"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-13 16:15
Modified
2024-11-21 06:17
Severity ?
Summary
HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D84130CE-0F11-41C3-A9FD-AA6EE7CE16A6",
"versionEndExcluding": "1.8.0",
"versionStartIncluding": "1.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "5B7DA027-4842-4F24-94A0-B6EEE93D5745",
"versionEndExcluding": "1.8.0",
"versionStartIncluding": "1.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0."
},
{
"lang": "es",
"value": "HashiCorp Vault y Vault Enterprise versiones 1.4.0 hasta 1.7.3, inicializaban un archivo de base de datos subyacente asociado con la funcionalidad Integrated Storage con permisos de sistema de archivos excesivamente amplios. Corregido en Vault y Vault Enterprise versi\u00f3n 1.8.0."
}
],
"id": "CVE-2021-38553",
"lastModified": "2024-11-21T06:17:25.407",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-13T16:15:08.080",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202207-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-281"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-30 01:15
Modified
2024-11-21 07:48
Severity ?
5.0 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "2C565DBD-95F4-4951-A029-93ABE5315740",
"versionEndExcluding": "1.11.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "80EB9F32-09A4-469C-AF76-1AE3137EAC1B",
"versionEndExcluding": "1.11.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "446F872F-F64C-44CA-85BC-144FCFBCFA8B",
"versionEndExcluding": "1.12.5",
"versionStartIncluding": "1.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "71A02FE6-C8D4-455D-A71A-C8353E1ECB7C",
"versionEndExcluding": "1.12.5",
"versionStartIncluding": "1.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "81280166-3DF7-4867-95E9-A7AFB9A12CE7",
"versionEndExcluding": "1.13.1",
"versionStartIncluding": "1.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C56E203C-1E18-4395-B500-B6EA695B16C0",
"versionEndExcluding": "1.13.1",
"versionStartIncluding": "1.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault\u0027s implementation of Shamir\u0027s secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9."
}
],
"id": "CVE-2023-25000",
"lastModified": "2024-11-21T07:48:54.423",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 4.0,
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-30T01:15:07.493",
"references": [
{
"source": "security@hashicorp.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078"
},
{
"source": "security@hashicorp.com",
"url": "https://security.netapp.com/advisory/ntap-20230526-0008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20230526-0008/"
}
],
"sourceIdentifier": "security@hashicorp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-208"
}
],
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-30 20:15
Modified
2024-11-21 05:18
Severity ?
Summary
HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Fixed in 1.4.7 and 1.5.4.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154 | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://www.hashicorp.com/blog/category/vault | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.hashicorp.com/blog/category/vault | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D35AD78C-3A03-4ED6-B3FC-F7877CCE4BFC",
"versionEndExcluding": "1.4.7",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "9D444A1F-E4AA-4FE9-B93E-69AF6CF06ADA",
"versionEndExcluding": "1.4.7",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "6361AB01-4220-49D4-AE15-C241C5A40062",
"versionEndExcluding": "1.5.4",
"versionStartIncluding": "1.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "CE727141-3FC5-4B00-A7D9-BDADE069823C",
"versionEndExcluding": "1.5.4",
"versionStartIncluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Fixed in 1.4.7 and 1.5.4."
},
{
"lang": "es",
"value": "Las versiones 1.0 y posteriores de HashiCorp Vault y Vault Enterprise permit\u00edan que los contratos de arrendamiento creados con un testigo de lote sobrevivieran a su TTL porque el tiempo de caducidad no estaba programado correctamente. Corregido en las versiones 1.4.7 y 1.5.4"
}
],
"id": "CVE-2020-25816",
"lastModified": "2024-11-21T05:18:49.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-30T20:15:15.653",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.hashicorp.com/blog/category/vault"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.hashicorp.com/blog/category/vault"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-22 17:15
Modified
2024-11-21 05:57
Severity ?
Summary
HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "27B3B966-91DB-43C2-BBDF-89B8B7705A5A",
"versionEndExcluding": "1.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "497EEAD2-3830-42CC-928A-3EAFC2CBE890",
"versionEndExcluding": "1.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"matchCriteriaId": "AD8B7C18-6F3A-4609-99FC-AEA2C3DA8A63",
"versionEndExcluding": "1.7.1",
"versionStartIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "E8392A7C-4F72-4B67-BE17-A8DE721EA92E",
"versionEndExcluding": "1.7.1",
"versionStartIncluding": "1.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1"
},
{
"lang": "es",
"value": "Las integraciones de HashiCorp Vault y Vault Enterprise Cassandra (backend de almacenamiento y plugin del motor de secretos de la base de datos) no comprobaban los certificados TLS al conectarse a los cl\u00fasteres de Cassandra.\u0026#xa0;Corregido en 1.6.4 y 1.7.1"
}
],
"id": "CVE-2021-27400",
"lastModified": "2024-11-21T05:57:55.137",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-22T17:15:07.723",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-10-vault-s-cassandra-integrations-did-not-validate-tls-certificates/23463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-10-vault-s-cassandra-integrations-did-not-validate-tls-certificates/23463"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-15 00:15
Modified
2024-11-21 08:35
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88214AA6-BE16-44D0-8BF3-961AA4F4912C",
"versionEndExcluding": "1.12.11",
"versionStartIncluding": "1.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "308AEF45-E549-4EA3-8028-3A95978BF44C",
"versionEndExcluding": "1.12.11",
"versionStartIncluding": "1.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1190B84C-4AE0-4353-A7B3-64B646E4BCA5",
"versionEndExcluding": "1.13.7",
"versionStartIncluding": "1.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "148E1E7C-5DB9-4261-BF3B-A54C8B5F43EA",
"versionEndExcluding": "1.13.7",
"versionStartIncluding": "1.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*",
"matchCriteriaId": "931AAAF6-4AB0-46EB-A03F-FF98A22867C2",
"versionEndExcluding": "1.14.3",
"versionStartIncluding": "1.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "778CBB0C-2739-4733-871A-9B053843FADC",
"versionEndExcluding": "1.14.3",
"versionStartIncluding": "1.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11."
},
{
"lang": "es",
"value": "El motor de secretos de tr\u00e1nsito de HashiCorp Vault y Vault Enterprise permiti\u00f3 a los usuarios autorizados especificar nonces arbitrarios, incluso con el cifrado convergente deshabilitado. El endpoint de cifrado, en combinaci\u00f3n con un ataque fuera de l\u00ednea, podr\u00eda usarse para descifrar texto cifrado arbitrario y potencialmente derivar la subclave de autenticaci\u00f3n cuando se utiliza el motor de secretos de tr\u00e1nsito sin cifrado convergente. Introducido en 1.6.0 y corregido en 1.14.3, 1.13.7 y 1.12.11."
}
],
"id": "CVE-2023-4680",
"lastModified": "2024-11-21T08:35:40.467",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-15T00:15:07.967",
"references": [
{
"source": "security@hashicorp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-28-vault-s-transit-secrets-engine-allowed-nonce-specified-without-convergent-encryption/58249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-28-vault-s-transit-secrets-engine-allowed-nonce-specified-without-convergent-encryption/58249"
}
],
"sourceIdentifier": "security@hashicorp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-323"
}
],
"source": "security@hashicorp.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}