1. CVE-Search
  2. CVE-2021-38554
ID CVE-2021-38554
Summary HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.
References
Vulnerable Configurations
  • cpe:2.3:a:hashicorp:vault:0.9.2:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:0.9.2:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:0.11.0:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:0.11.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.0.0:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.0.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.0.1:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.0.1:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.0.2:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.0.2:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.0.3:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.0.3:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.1.0:-:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.1.0:-:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.1.0:beta1:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.1.0:beta1:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.1.0:beta2:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.1.0:beta2:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.1.1:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.1.1:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.1.2:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.1.2:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.1.3:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.1.3:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.1.4:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.1.4:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.1.5:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.1.5:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.2.0:-:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.2.0:-:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.2.0:beta1:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.2.0:beta1:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.2.0:beta2:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.2.0:beta2:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.2.0:rc1:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.2.0:rc1:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.2.1:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.2.1:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.2.2:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.2.2:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.2.3:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.2.3:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.2.4:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.2.4:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.2.5:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.2.5:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.3.0:-:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.3.0:-:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.3.0:beta1:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.3.0:beta1:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.3.1:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.3.1:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.3.2:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.3.2:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.3.3:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.3.3:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.3.4:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.3.4:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.3.5:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.3.5:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.3.6:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.3.6:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.3.8:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.3.8:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.4.0:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.4.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.4.1:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.4.1:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.4.2:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.4.2:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.4.3:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.4.3:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.4.4:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.4.4:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.4.5:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.4.5:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.4.5.1:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.4.5.1:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.4.6:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.4.6:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.4.7:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.4.7:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.5.0:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.5.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.5.1:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.5.1:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.5.2:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.5.2:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.5.2.1:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.5.2.1:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.5.3:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.5.3:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.5.4:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.5.4:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.5.5:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.5.5:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.5.6:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.5.6:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.5.7:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.5.7:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.5.8:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.5.8:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.6.0:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.6.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.6.1:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.6.1:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.6.2:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.6.2:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.6.3:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.6.3:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.6.4:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.6.4:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.6.5:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.6.5:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.7.0:-:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.7.0:-:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.7.0:rc1:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.7.0:rc1:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.7.0:rc2:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.7.0:rc2:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.7.1:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.7.1:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.7.2:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.7.2:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.7.3:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.7.3:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.7.4:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.7.4:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.7.5:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.7.5:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.7.6:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.7.6:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.7.7:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.7.7:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.7.8:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.7.8:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.7.9:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.7.9:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.7.10:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:vault:1.7.10:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:vault:0.10.0:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:0.10.0:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.0.0:-:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.0.0:-:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.0.1:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.0.1:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.0.2:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.0.2:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.0.3:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.0.3:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.1.0:-:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.1.0:-:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.1.0:beta1:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.1.0:beta1:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.1.0:beta2:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.1.0:beta2:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.1.1:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.1.1:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.1.2:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.1.2:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.1.3:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.1.3:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.1.4:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.1.4:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.1.5:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.1.5:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.2.0:-:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.2.0:-:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.2.0:beta1:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.2.0:beta1:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.2.0:beta2:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.2.0:beta2:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.2.0:rc1:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.2.0:rc1:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.2.1:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.2.1:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.2.2:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.2.2:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.2.3:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.2.3:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.2.4:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.2.4:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.2.5:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.2.5:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.3.0:-:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.3.0:-:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.3.0:beta1:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.3.0:beta1:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.3.1:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.3.1:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.3.2:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.3.2:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.3.3:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.3.3:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.3.4:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.3.4:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.3.5:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.3.5:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.3.6:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.3.6:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.3.8:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.3.8:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.4.0:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.4.0:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.4.0:beta1:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.4.0:beta1:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.4.0:rc1:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.4.0:rc1:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.4.1:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.4.1:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.4.2:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.4.2:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.4.3:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.4.3:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.4.4:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.4.4:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.4.5:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.4.5:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.4.5.1:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.4.5.1:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.4.6:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.4.6:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.4.7:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.4.7:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.5.0:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.5.0:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.5.1:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.5.1:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.5.2:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.5.2:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.5.2.1:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.5.2.1:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.5.3:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.5.3:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.5.4:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.5.4:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.5.5:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.5.5:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.5.6:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.5.6:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.5.7:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.5.7:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.5.8:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.5.8:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.5.9:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.5.9:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.6.0:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.6.0:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.6.1:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.6.1:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.6.2:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.6.2:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.6.3:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.6.3:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.6.4:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.6.4:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.6.5:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.6.5:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.7.0:-:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.7.0:-:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.7.0:rc1:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.7.0:rc1:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.7.0:rc2:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.7.0:rc2:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.7.1:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.7.1:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.7.2:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.7.2:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.7.3:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.7.3:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.7.4:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.7.4:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.7.5:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.7.5:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.7.6:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.7.6:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.7.7:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.7.7:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.7.8:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.7.8:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.7.9:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.7.9:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:vault:1.7.10:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:vault:1.7.10:*:*:*:-:*:*:*
CVSS
Base: 3.5 (as of 08-09-2022 - 21:37)
Impact:
Exploitability:
CWE CWE-212
CAPEC
  • Windows ::DATA Alternate Data Stream
    An attacker exploits the functionality of Microsoft NTFS Alternate Data Streams (ADS) to undermine system security. ADS allows multiple "files" to be stored in one directory entry referenced as filename:streamname. One or more alternate data streams may be stored in any file or directory. Normal Microsoft utilities do not show the presence of an ADS stream attached to a file. The additional space for the ADS is not recorded in the displayed file size. The additional space for ADS is accounted for in the used space on the volume. An ADS can be any type of file. ADS are copied by standard Microsoft utilities between NTFS volumes. ADS can be used by an attacker or intruder to hide tools, scripts, and data from detection by normal system utilities. Many anti-virus programs do not check for or scan ADS. Windows Vista does have a switch (-R) on the command line DIR command that will display alternate streams.
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:M/Au:S/C:P/I:N/A:N
Last major update 08-09-2022 - 21:37
Published 13-08-2021 - 16:15
Last modified 08-09-2022 - 21:37
Back to Top