Unrated severityNVD Advisory· Published Feb 1, 2021· Updated Aug 4, 2024
CVE-2020-25594
CVE-2020-25594
Description
HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- HashiCorp/Vaultdescription
- Range: < 1.6.2 & < 1.5.7
Patches
Vulnerability mechanics
References
2- security.gentoo.org/glsa/202207-01mitrevendor-advisoryx_refsource_GENTOO
- discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.