VYPR

Vault

by HashiCorp

CVEs (47)

  • CVE-2022-25243 (Mar 7, 2022)
    risk 0.00 | cvss | epss 0.01

    Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in…

  • CVE-2021-45042 (Dec 17, 2021)
    risk 0.00 | cvss | epss 0.01

    In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage…

  • CVE-2021-27400 (Apr 22, 2021)
    risk 0.00 | cvss | epss 0.01

    HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1.

  • CVE-2021-29653 (Apr 22, 2021)
    risk 0.00 | cvss | epss 0.01

    HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1.

  • CVE-2021-3024 (Feb 1, 2021)
    risk 0.00 | cvss | epss 0.01

    HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.

  • CVE-2020-25594 (Feb 1, 2021)
    risk 0.00 | cvss | epss 0.01

    HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.

  • CVE-2018-19786 (Dec 5, 2018)
    risk 0.00 | cvss | epss 0.01

    HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported.
