Hashicorp Vault Enterprise Vulnerabilities

Hashicorp Vault Enterprise vulnerabilities.

10 October 2024

Root Privileges Escalation Vulnerability in Vault
CVE-2024-9180
HashicorpVault7.2HIGH

26 September 2024

Vault SSH secrets engine vulnerability: unauthorized access via SSH certificates
CVE-2024-7594
HashicorpVault7.5HIGH

2 September 2024

Vault Leaks AppRole Client Tokens And Accessor in Audit Log
CVE-2024-8365
HashicorpVault6.5MEDIUM

12 June 2024

Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
CVE-2024-5798
HashicorpVault2.6LOW

30 April 2024

Vault Enterprise Leaks Sensitive HTTP Request Headers in the Audit Log When Deployed With a Performance Standby Node
CVE-2024-2877
HashicorpVault Enterprise5.5MEDIUM

4 April 2024

OCSP Response Validation Fix for Vault and Vault Enterprise TLS Certificates
CVE-2024-2660
HashicorpVault6.4MEDIUM

4 March 2024

Certificate Validation Bypass Vulnerability
CVE-2024-2048
HashicorpVault📈📰8.1HIGH

1 February 2024

Vault May Expose Sensitive Information When Configuring An Audit Log Device
CVE-2024-0831
HashicorpVault6.5MEDIUM

8 December 2023

Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests
CVE-2023-6337
HashiCorpVault7.5HIGH

9 November 2023

Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption
CVE-2023-5954
HashiCorpVault7.5HIGH

29 September 2023

15 September 2023

Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption
CVE-2023-4680
HashicorpVault6.8MEDIUM

31 July 2023

Vault's LDAP Auth Method Allows for User Enumeration
CVE-2023-3462
HashicorpVault5.3MEDIUM

28 July 2023

Vault Enterprise Namespace Creation May Lead to Denial of Service
CVE-2023-3774
HashicorpVault Enterprise4.9MEDIUM

9 June 2023

Vault’s KV Diff Viewer Allowed for HTML Injection
CVE-2023-2121
HashiCorpVault5.4MEDIUM

1 May 2023

Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM
CVE-2023-2197
HashicorpVault Enterprise2.5LOW

30 March 2023

11 March 2023

Vault Fails to Verify if the AppRole SecretID Belongs to Role During a Destroy Operation
CVE-2023-24999
HashiCorpVault8.1HIGH

No more vulnerabilities to load.