Hashicorp Vault Vulnerabilities
CVE-2024-9180 | Hashicorp | Vault | 7.2 HIGH | Root Privileges Escalation Vulnerability in Vault
CVE-2024-7594 | Hashicorp | Vault | 7.5 HIGH | Vault SSH secrets engine vulnerability: unauthorized access via SSH certificates
CVE-2024-8365 | Hashicorp | Vault | 6.5 MEDIUM | Vault Leaks AppRole Client Tokens And Accessor in Audit Log
CVE-2024-5798 | Hashicorp | Vault | 2.6 LOW | Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
CVE-2024-2877 | Hashicorp | Vault Enterprise | 5.5 MEDIUM | Vault Enterprise Leaks Sensitive HTTP Request Headers in the Audit Log When Deployed With a Performance Standby Node
CVE-2024-2660 | Hashicorp | Vault | 6.4 MEDIUM | OCSP Response Validation Fix for Vault and Vault Enterprise TLS Certificates
CVE-2024-2048 | Hashicorp | Vault | 8.1 HIGH | Certificate Validation Bypass Vulnerability
CVE-2024-0831 | Hashicorp | Vault | 6.5 MEDIUM | Vault May Expose Sensitive Information When Configuring An Audit Log Device
CVE-2023-6337 | HashiCorp | Vault | 7.5 HIGH | Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests
CVE-2023-5954 | HashiCorp | Vault | 7.5 HIGH | Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption
CVE-2023-3775 | Hashicorp | Vault Enterprise | 4.9 MEDIUM | Vault Enterprise's Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service
CVE-2023-5077 | Hashicorp | Vault | 7.5 HIGH | Vault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets
CVE-2023-4680 | Hashicorp | Vault | 6.8 MEDIUM | Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption
CVE-2023-3462 | Hashicorp | Vault | 5.3 MEDIUM | Vault's LDAP Auth Method Allows for User Enumeration
CVE-2023-3774 | Hashicorp | Vault Enterprise | 4.9 MEDIUM | Vault Enterprise Namespace Creation May Lead to Denial of Service
CVE-2023-2121 | HashiCorp | Vault | 5.4 MEDIUM | Vault's KV Diff Viewer Allowed for HTML Injection
CVE-2023-2197 | Hashicorp | Vault Enterprise | 2.5 LOW | Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM
CVE-2023-0665 | Hashicorp | Vault | 6.5 MEDIUM | Vault PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata
CVE-2023-25000 | HashiCorp | Vault | 4.7 MEDIUM | Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations
CVE-2023-0620 | Hashicorp | Vault | 6.5 MEDIUM | Vault Vulnerable to SQL Injection When Configuring the Microsoft SQL Database Storage Backend
CVE-2023-24999 | HashiCorp | Vault | 8.1 HIGH | Vault Fails to Verify if the AppRole SecretID Belongs to Role During a Destroy Operation
CVE-2022-41316 | Hashicorp | Vault | 5.3 MEDIUM | TLS Certificate Authentication Method Issue in HashiCorp Vault and Vault Enterprise
CVE-2022-40186 | Hashicorp | Vault | 9.1 CRITICAL | Identity Engine Vulnerability in HashiCorp Vault Affects Multiple Mount Accessors
CVE-2022-36129 | Hashicorp | Vault | 9.1 CRITICAL | Unauthenticated API Vulnerability in HashiCorp Vault Enterprise
CVE-2022-30689 | Hashicorp | Vault | 5.3 MEDIUM | Improper MFA Configuration in HashiCorp Vault and Vault Enterprise