VYPR

Vault Enterprise

by Hashicorp

Source repositories

CVEs (66)

  • CVE-2021-27400Apr 22, 2021
    risk 0.00cvss epss 0.01

    HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1

  • CVE-2021-29653Apr 22, 2021
    risk 0.00cvss epss 0.01

    HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1.

  • CVE-2021-3024Feb 1, 2021
    risk 0.00cvss epss 0.01

    HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.

  • CVE-2020-25594Feb 1, 2021
    risk 0.00cvss epss 0.01

    HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.

  • CVE-2020-36164Jan 6, 2021
    risk 0.00cvss epss 0.00

    An issue was discovered in Veritas Enterprise Vault through 14.0. On start-up, it loads the OpenSSL library. The OpenSSL library then attempts to load the openssl.cnf configuration file (which does not exist) at the following locations in both the System drive (typically C:\)…

  • CVE-2020-35453Dec 17, 2020
    risk 0.00cvss epss 0.01

    HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1.

Page 4 of 4