Vulnerabilites related to HashiCorp - Vault
cve-2022-25243
Vulnerability from cvelistv5
Published
2022-03-07 21:45
Modified
2024-08-03 04:36
Severity ?
EPSS score ?
Summary
"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4.
References
| ▼ | URL | Tags |
|---|---|---|
| https://discuss.hashicorp.com | x_refsource_MISC | |
| https://discuss.hashicorp.com/t/hcsec-2022-09-vault-pki-secrets-engine-policy-results-in-incorrect-wildcard-certificate-issuance/36600 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:36:06.555Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://discuss.hashicorp.com", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2022-09-vault-pki-secrets-engine-policy-results-in-incorrect-wildcard-certificate-issuance/36600", }, { name: "GLSA-202207-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "\"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-01T20:09:21", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://discuss.hashicorp.com", }, { tags: [ "x_refsource_MISC", ], url: "https://discuss.hashicorp.com/t/hcsec-2022-09-vault-pki-secrets-engine-policy-results-in-incorrect-wildcard-certificate-issuance/36600", }, { name: "GLSA-202207-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-25243", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "\"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://discuss.hashicorp.com", refsource: "MISC", url: "https://discuss.hashicorp.com", }, { name: "https://discuss.hashicorp.com/t/hcsec-2022-09-vault-pki-secrets-engine-policy-results-in-incorrect-wildcard-certificate-issuance/36600", refsource: "MISC", url: "https://discuss.hashicorp.com/t/hcsec-2022-09-vault-pki-secrets-engine-policy-results-in-incorrect-wildcard-certificate-issuance/36600", }, { name: "GLSA-202207-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202207-01", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-25243", datePublished: "2022-03-07T21:45:16", dateReserved: "2022-02-16T00:00:00", dateUpdated: "2024-08-03T04:36:06.555Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0620
Vulnerability from cvelistv5
Published
2023-03-30 00:28
Modified
2025-02-13 16:39
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command.
This issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.13.0 ≤ Version: 1.12.0 ≤ Version: 0.8.0 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:17:50.188Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-12-vault-s-microsoft-sql-database-storage-backend-vulnerable-to-sql-injection-via-configuration-file/52080/1", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230526-0008/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-0620", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-12T14:59:29.534068Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-12T14:59:38.091Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit", ], product: "Vault", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { lessThan: "1.13.1", status: "affected", version: "1.13.0", versionType: "semver", }, { lessThan: "1.12.5", status: "affected", version: "1.12.0", versionType: "semver", }, { lessThan: "1.11.9", status: "affected", version: "0.8.0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Android", "x86", "ARM", "64 bit", "32 bit", ], product: "Vault Enterprise", vendor: "HashiCorp", versions: [ { lessThan: "1.13.1", status: "affected", version: "1.13.0", versionType: "semver", }, { lessThan: "1.12.5", status: "affected", version: "1.12.0", versionType: "semver", }, { lessThan: "1.11.9", status: "affected", version: "0.8.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Yuval Ostrovsky, Gal Goldshtein, Daniel Abeles of Oxeye", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command.</p>This issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9.", }, ], value: "HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command.\n\nThis issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9.", }, ], impacts: [ { capecId: "CAPEC-66", descriptions: [ { lang: "en", value: "CAPEC-66 SQL Injection", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-26T19:06:25.161Z", orgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", shortName: "HashiCorp", }, references: [ { url: "https://discuss.hashicorp.com/t/hcsec-2023-12-vault-s-microsoft-sql-database-storage-backend-vulnerable-to-sql-injection-via-configuration-file/52080/1", }, { url: "https://security.netapp.com/advisory/ntap-20230526-0008/", }, ], source: { advisory: "HCSEC-2023-12", discovery: "EXTERNAL", }, title: "Vault Vulnerable to SQL Injection When Configuring the Microsoft SQL Database Storage Backend", }, }, cveMetadata: { assignerOrgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", assignerShortName: "HashiCorp", cveId: "CVE-2023-0620", datePublished: "2023-03-30T00:28:13.301Z", dateReserved: "2023-02-01T21:59:23.556Z", dateUpdated: "2025-02-13T16:39:02.965Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-19786
Vulnerability from cvelistv5
Published
2018-12-05 09:00
Modified
2024-08-05 11:44
Severity ?
EPSS score ?
Summary
HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T11:44:20.382Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-12-05T00:00:00", descriptions: [ { lang: "en", value: "HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-12-05T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-19786", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018", refsource: "CONFIRM", url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-19786", datePublished: "2018-12-05T09:00:00", dateReserved: "2018-11-30T00:00:00", dateUpdated: "2024-08-05T11:44:20.382Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-36129
Vulnerability from cvelistv5
Published
2022-07-26 22:21
Modified
2024-08-03 10:00
Severity ?
EPSS score ?
Summary
HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. Fixed in Vault Enterprise 1.9.8, 1.10.5, and 1.11.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://discuss.hashicorp.com | x_refsource_MISC | |
| https://discuss.hashicorp.com/t/hcsec-2022-15-vault-enterprise-does-not-verify-existing-voter-status-when-joining-an-integrated-storage-ha-node/42420 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220901-0011/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:00:01.365Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://discuss.hashicorp.com", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2022-15-vault-enterprise-does-not-verify-existing-voter-status-when-joining-an-integrated-storage-ha-node/42420", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220901-0011/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. Fixed in Vault Enterprise 1.9.8, 1.10.5, and 1.11.1.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-01T13:06:33", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://discuss.hashicorp.com", }, { tags: [ "x_refsource_MISC", ], url: "https://discuss.hashicorp.com/t/hcsec-2022-15-vault-enterprise-does-not-verify-existing-voter-status-when-joining-an-integrated-storage-ha-node/42420", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220901-0011/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-36129", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. Fixed in Vault Enterprise 1.9.8, 1.10.5, and 1.11.1.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://discuss.hashicorp.com", refsource: "MISC", url: "https://discuss.hashicorp.com", }, { name: "https://discuss.hashicorp.com/t/hcsec-2022-15-vault-enterprise-does-not-verify-existing-voter-status-when-joining-an-integrated-storage-ha-node/42420", refsource: "MISC", url: "https://discuss.hashicorp.com/t/hcsec-2022-15-vault-enterprise-does-not-verify-existing-voter-status-when-joining-an-integrated-storage-ha-node/42420", }, { name: "https://security.netapp.com/advisory/ntap-20220901-0011/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220901-0011/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-36129", datePublished: "2022-07-26T22:21:51", dateReserved: "2022-07-18T00:00:00", dateUpdated: "2024-08-03T10:00:01.365Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-7594
Vulnerability from cvelistv5
Published
2024-09-26 19:52
Modified
2025-01-10 13:06
Severity ?
EPSS score ?
Summary
Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.7.7 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:hashicorp:vault_enterprise:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "vault_enterprise", vendor: "hashicorp", versions: [ { lessThan: "1.17.6", status: "affected", version: "1.7.7", versionType: "semver", }, { status: "affected", version: "1.16.9", }, { status: "affected", version: "1.15.14", }, ], }, { cpes: [ "cpe:2.3:a:hashicorp:vault_community_edition:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "vault_community_edition", vendor: "hashicorp", versions: [ { lessThan: "1.17.6", status: "affected", version: "1.7.7", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-7594", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T20:24:40.797176Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T20:29:58.984Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2025-01-10T13:06:49.543Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20250110-0007/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux", ], product: "Vault", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { lessThan: "1.17.6", status: "affected", version: "1.7.7", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux", ], product: "Vault Enterprise", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { changes: [ { at: "1.16.10", status: "unaffected", }, { at: "1.15.15", status: "unaffected", }, ], lessThan: "1.17.6", status: "affected", version: "1.7.7", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.</p><br/>", }, ], value: "Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.", }, ], impacts: [ { capecId: "CAPEC-1", descriptions: [ { lang: "en", value: "CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs", }, ], }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-732", description: "CWE-732: Incorrect Permission Assignment for Critical Resource", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-26T19:56:15.934Z", orgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", shortName: "HashiCorp", }, references: [ { url: "https://discuss.hashicorp.com/t/hcsec-2024-20-vault-ssh-secrets-engine-configuration-did-not-restrict-valid-principals-by-default/70251", }, ], source: { advisory: "HCSEC-2024-20", discovery: "EXTERNAL", }, title: "Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default", }, }, cveMetadata: { assignerOrgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", assignerShortName: "HashiCorp", cveId: "CVE-2024-7594", datePublished: "2024-09-26T19:52:55.652Z", dateReserved: "2024-08-07T17:46:31.343Z", dateUpdated: "2025-01-10T13:06:49.543Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-25816
Vulnerability from cvelistv5
Published
2020-09-30 19:44
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Fixed in 1.4.7 and 1.5.4.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.hashicorp.com/blog/category/vault | x_refsource_MISC | |
| https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:40:36.981Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.hashicorp.com/blog/category/vault", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Fixed in 1.4.7 and 1.5.4.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-12T18:26:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.hashicorp.com/blog/category/vault", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-25816", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Fixed in 1.4.7 and 1.5.4.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.hashicorp.com/blog/category/vault", refsource: "MISC", url: "https://www.hashicorp.com/blog/category/vault", }, { name: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154", refsource: "CONFIRM", url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-25816", datePublished: "2020-09-30T19:44:01", dateReserved: "2020-09-23T00:00:00", dateUpdated: "2024-08-04T15:40:36.981Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-5077
Vulnerability from cvelistv5
Published
2023-09-28 23:24
Modified
2024-09-26 21:57
Severity ?
EPSS score ?
Summary
The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 0.10.0 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:44:53.829Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-30-vault-s-google-cloud-secrets-engine-removed-existing-iam-conditions-when-creating-updating-rolesets/58654", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "vault", vendor: "hashicorp", versions: [ { lessThan: "1.13.0", status: "affected", version: "0.10.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", ], defaultStatus: "unaffected", product: "vault", vendor: "hashicorp", versions: [ { lessThan: "1.13.0", status: "affected", version: "00.10.0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-5077", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-23T18:01:43.234358Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-23T18:04:49.264Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux", ], product: "Vault", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { lessThan: "1.13.0", status: "affected", version: "0.10.0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux", ], product: "Vault Enterprise", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { lessThan: "1.13.0", status: "affected", version: "0.10.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>The Vault and Vault Enterprise (\"Vault\") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.</p><br/>", }, ], value: "The Vault and Vault Enterprise (\"Vault\") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.", }, ], impacts: [ { capecId: "CAPEC-122", descriptions: [ { lang: "en", value: "CAPEC-122: Privilege Abuse", }, ], }, ], metrics: [ { cvssV3_1: { baseScore: 7.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-266", description: "CWE-266: Incorrect Privilege Assignment", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-26T21:57:22.469Z", orgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", shortName: "HashiCorp", }, references: [ { url: "https://discuss.hashicorp.com/t/hcsec-2023-30-vault-s-google-cloud-secrets-engine-removed-existing-iam-conditions-when-creating-updating-rolesets/58654", }, ], source: { advisory: "HCSEC-2023-30", discovery: "EXTERNAL", }, title: "Vault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets", }, }, cveMetadata: { assignerOrgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", assignerShortName: "HashiCorp", cveId: "CVE-2023-5077", datePublished: "2023-09-28T23:24:28.643Z", dateReserved: "2023-09-19T20:49:08.136Z", dateUpdated: "2024-09-26T21:57:22.469Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-8365
Vulnerability from cvelistv5
Published
2024-09-02 01:30
Modified
2024-09-04 17:18
Severity ?
EPSS score ?
Summary
Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.17.3 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-8365", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-03T13:51:10.738646Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-03T13:51:51.953Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux", ], product: "Vault", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { lessThan: "1.17.5", status: "affected", version: "1.17.3", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux", ], product: "Vault Enterprise", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { changes: [ { at: "1.16.9", status: "unaffected", }, { at: "1.17.3", status: "unaffected", }, ], lessThan: "1.17.5", status: "affected", version: "1.16.7", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9.</p><br/>", }, ], value: "Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9.", }, ], impacts: [ { capecId: "CAPEC-118", descriptions: [ { lang: "en", value: "CAPEC-118: Collect and Analyze Information", }, ], }, ], metrics: [ { cvssV3_1: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-532", description: "CWE-532: Insertion of Sensitive Information into Log File", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-04T17:18:36.980Z", orgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", shortName: "HashiCorp", }, references: [ { url: "https://discuss.hashicorp.com/t/hcsec-2024-18-vault-leaks-client-token-and-token-accessor-in-audit-devices/", }, ], source: { advisory: "HCSEC-2024-HCSEC-2024-18", discovery: "INTERNAL", }, title: "Vault Leaks AppRole Client Tokens And Accessor in Audit Log", }, }, cveMetadata: { assignerOrgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", assignerShortName: "HashiCorp", cveId: "CVE-2024-8365", datePublished: "2024-09-02T01:30:56.618Z", dateReserved: "2024-08-30T22:54:58.745Z", dateUpdated: "2024-09-04T17:18:36.980Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-7220
Vulnerability from cvelistv5
Published
2020-01-23 17:41
Modified
2024-08-04 09:25
Severity ?
EPSS score ?
Summary
HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.hashicorp.com/blog/category/vault/ | x_refsource_MISC | |
| https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:25:47.990Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.hashicorp.com/blog/category/vault/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-01-23T17:41:28", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.hashicorp.com/blog/category/vault/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-7220", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.hashicorp.com/blog/category/vault/", refsource: "MISC", url: "https://www.hashicorp.com/blog/category/vault/", }, { name: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020", refsource: "CONFIRM", url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-7220", datePublished: "2020-01-23T17:41:28", dateReserved: "2020-01-17T00:00:00", dateUpdated: "2024-08-04T09:25:47.990Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-2121
Vulnerability from cvelistv5
Published
2023-06-09 16:59
Modified
2025-01-06 18:15
Severity ?
EPSS score ?
Summary
Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.13.0 ≤ Version: 1.12.0 ≤ Version: 1.11.0 ≤ Version: 1.10.0 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T06:12:20.468Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-17-vault-s-kv-diff-viewer-allowed-html-injection/54814", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-2121", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-06T18:14:31.031750Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-06T18:15:00.958Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit", ], product: "Vault", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { lessThan: "1.13.3", status: "affected", version: "1.13.0", versionType: "semver", }, { lessThan: "1.12.7", status: "affected", version: "1.12.0", versionType: "semver", }, { lessThan: "1.11.11", status: "affected", version: "1.11.0", versionType: "semver", }, { lessThan: "1.11.0", status: "affected", version: "1.10.0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit", ], product: "Vault Enterprise", vendor: "HashiCorp", versions: [ { lessThan: "1.13.3", status: "affected", version: "1.13.0", versionType: "semver", }, { lessThan: "1.12.7", status: "affected", version: "1.12.0", versionType: "semver", }, { lessThan: "1.11.11", status: "affected", version: "1.11.0", versionType: "semver", }, { lessThan: "1.11.0", status: "affected", version: "1.10.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.", }, ], value: "Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-09T16:59:49.065Z", orgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", shortName: "HashiCorp", }, references: [ { url: "https://discuss.hashicorp.com/t/hcsec-2023-17-vault-s-kv-diff-viewer-allowed-html-injection/54814", }, ], source: { discovery: "EXTERNAL", }, title: "Vault’s KV Diff Viewer Allowed for HTML Injection", }, }, cveMetadata: { assignerOrgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", assignerShortName: "HashiCorp", cveId: "CVE-2023-2121", datePublished: "2023-06-09T16:59:49.065Z", dateReserved: "2023-04-17T14:51:51.916Z", dateUpdated: "2025-01-06T18:15:00.958Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-2660
Vulnerability from cvelistv5
Published
2024-04-04 17:55
Modified
2024-09-26 00:13
Severity ?
EPSS score ?
Summary
Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.14.0 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-2660", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-09T16:05:40.204182Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:29:09.743Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T19:18:48.125Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2024-07-vault-tls-cert-auth-method-did-not-correctly-validate-ocsp-responses/64573", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240524-0007/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux", ], product: "Vault", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { lessThan: "1.16.0", status: "affected", version: "1.14.0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux", ], product: "Vault Enterprise", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { changes: [ { at: "1.14.11", status: "unaffected", }, { at: "1.15.7", status: "unaffected", }, ], lessThan: "1.16.0", status: "affected", version: "1.14.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.</p><br/>", }, ], value: "Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.", }, ], impacts: [ { capecId: "CAPEC-26", descriptions: [ { lang: "en", value: "CAPEC-26: Leveraging Race Conditions", }, ], }, ], metrics: [ { cvssV3_1: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-636", description: "CWE-636: Not Failing Securely (Failing Open)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-26T00:13:17.242Z", orgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", shortName: "HashiCorp", }, references: [ { url: "https://discuss.hashicorp.com/t/hcsec-2024-07-vault-tls-cert-auth-method-did-not-correctly-validate-ocsp-responses/64573", }, ], source: { advisory: "HCSEC-2024-07", discovery: "INTERNAL", }, title: "Vault TLS Cert Auth Method Did Not Correctly Validate OCSP Responses", }, }, cveMetadata: { assignerOrgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", assignerShortName: "HashiCorp", cveId: "CVE-2024-2660", datePublished: "2024-04-04T17:55:20.192Z", dateReserved: "2024-03-19T17:34:27.401Z", dateUpdated: "2024-09-26T00:13:17.242Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-3282
Vulnerability from cvelistv5
Published
2021-02-01 15:38
Modified
2024-08-03 16:53
Severity ?
EPSS score ?
Summary
HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://discuss.hashicorp.com/t/hcsec-2021-04-vault-enterprise-s-dr-secondaries-allowed-raft-peer-removal-without-authentication/20337 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:53:16.031Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-04-vault-enterprise-s-dr-secondaries-allowed-raft-peer-removal-without-authentication/20337", }, { name: "GLSA-202207-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-01T20:08:14", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-04-vault-enterprise-s-dr-secondaries-allowed-raft-peer-removal-without-authentication/20337", }, { name: "GLSA-202207-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-3282", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://discuss.hashicorp.com/t/hcsec-2021-04-vault-enterprise-s-dr-secondaries-allowed-raft-peer-removal-without-authentication/20337", refsource: "MISC", url: "https://discuss.hashicorp.com/t/hcsec-2021-04-vault-enterprise-s-dr-secondaries-allowed-raft-peer-removal-without-authentication/20337", }, { name: "GLSA-202207-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202207-01", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-3282", datePublished: "2021-02-01T15:38:48", dateReserved: "2021-01-22T00:00:00", dateUpdated: "2024-08-03T16:53:16.031Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-30689
Vulnerability from cvelistv5
Published
2022-05-17 17:23
Modified
2024-08-03 06:56
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://discuss.hashicorp.com | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220629-0006/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:56:13.763Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://discuss.hashicorp.com", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220629-0006/", }, { name: "GLSA-202207-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-01T20:07:32", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://discuss.hashicorp.com", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220629-0006/", }, { name: "GLSA-202207-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-30689", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://discuss.hashicorp.com", refsource: "MISC", url: "https://discuss.hashicorp.com", }, { name: "https://security.netapp.com/advisory/ntap-20220629-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220629-0006/", }, { name: "GLSA-202207-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202207-01", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-30689", datePublished: "2022-05-17T17:23:05", dateReserved: "2022-05-13T00:00:00", dateUpdated: "2024-08-03T06:56:13.763Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-24999
Vulnerability from cvelistv5
Published
2023-03-10 23:12
Modified
2025-03-03 20:46
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.12.0 ≤ Version: 1.11.0 ≤ Version: 0 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:11:43.737Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230505-0001/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-24999", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-03T20:46:14.337962Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-03T20:46:23.638Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit", ], product: "Vault", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { lessThan: "1.12.4", status: "affected", version: "1.12.0", versionType: "semver", }, { lessThan: "1.11.8", status: "affected", version: "1.11.0", versionType: "semver", }, { lessThan: "1.10.11", status: "affected", version: "0", versionType: "semver", }, ], }, { platforms: [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit", ], product: "Vault Enterprise", vendor: "HashiCorp", versions: [ { lessThan: "1.12.4", status: "affected", version: "1.12.0", versionType: "semver", }, { lessThan: "1.11.8", status: "affected", version: "1.11.0", versionType: "semver", }, { lessThan: "1.10.11", status: "affected", version: "0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.</p><br>", }, ], value: "HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.", }, ], impacts: [ { capecId: "CAPEC-1", descriptions: [ { lang: "en", value: "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-05T19:06:12.956Z", orgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", shortName: "HashiCorp", }, references: [ { url: "https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305", }, { url: "https://security.netapp.com/advisory/ntap-20230505-0001/", }, ], source: { discovery: "EXTERNAL", }, title: "Vault Fails to Verify if the AppRole SecretID Belongs to Role During a Destroy Operation", }, }, cveMetadata: { assignerOrgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", assignerShortName: "HashiCorp", cveId: "CVE-2023-24999", datePublished: "2023-03-10T23:12:47.638Z", dateReserved: "2023-02-01T17:54:13.893Z", dateUpdated: "2025-03-03T20:46:23.638Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-0831
Vulnerability from cvelistv5
Published
2024-02-01 01:41
Modified
2025-02-13 17:27
Severity ?
EPSS score ?
Summary
Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.15.0 ≤ 1.15.4 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-0831", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-01T14:27:53.989443Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:22:51.524Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T18:18:18.883Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2024-01-vault-may-expose-sensitive-information-when-configuring-an-audit-log-device/62311", }, { tags: [ "x_transferred", ], url: "https://developer.hashicorp.com/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240223-0005/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit", ], product: "Vault", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { lessThanOrEqual: "1.15.4", status: "affected", version: "1.15.0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit", ], product: "Vault Enterprise", vendor: "HashiCorp", versions: [ { lessThanOrEqual: "1.15.4", status: "affected", version: "1.15.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p><span style=\"background-color: transparent;\">Vault and Vault Enterprise (“Vault”) </span><span style=\"background-color: rgb(255, 255, 255);\">may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`.</span></p><br><br>", }, ], value: "Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`.", }, ], impacts: [ { capecId: "CAPEC-268", descriptions: [ { lang: "en", value: "CAPEC-268 Audit Log Manipulation", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-532", description: "CWE-532: Insertion of Sensitive Information into Log File", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-23T16:06:01.441Z", orgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", shortName: "HashiCorp", }, references: [ { url: "https://discuss.hashicorp.com/t/hcsec-2024-01-vault-may-expose-sensitive-information-when-configuring-an-audit-log-device/62311", }, { url: "https://developer.hashicorp.com/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration", }, { url: "https://security.netapp.com/advisory/ntap-20240223-0005/", }, ], source: { discovery: "INTERNAL", }, title: "Vault May Expose Sensitive Information When Configuring An Audit Log Device", }, }, cveMetadata: { assignerOrgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", assignerShortName: "HashiCorp", cveId: "CVE-2024-0831", datePublished: "2024-02-01T01:41:33.801Z", dateReserved: "2024-01-23T17:42:40.228Z", dateUpdated: "2025-02-13T17:27:29.010Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41316
Vulnerability from cvelistv5
Published
2022-10-12 00:00
Modified
2024-08-03 12:42
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:42:44.924Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://discuss.hashicorp.com", }, { tags: [ "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2022-24-vaults-tls-cert-auth-method-only-loaded-crl-after-first-request/45483", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20221201-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-02T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://discuss.hashicorp.com", }, { url: "https://discuss.hashicorp.com/t/hcsec-2022-24-vaults-tls-cert-auth-method-only-loaded-crl-after-first-request/45483", }, { url: "https://security.netapp.com/advisory/ntap-20221201-0001/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-41316", datePublished: "2022-10-12T00:00:00", dateReserved: "2022-09-23T00:00:00", dateUpdated: "2024-08-03T12:42:44.924Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35192
Vulnerability from cvelistv5
Published
2020-12-17 01:33
Modified
2024-08-04 17:02
Severity ?
EPSS score ?
Summary
The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/koharin/koharin2/blob/main/CVE-2020-35192 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:02:06.882Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/koharin/koharin2/blob/main/CVE-2020-35192", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-12-17T01:33:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/koharin/koharin2/blob/main/CVE-2020-35192", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-35192", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/koharin/koharin2/blob/main/CVE-2020-35192", refsource: "MISC", url: "https://github.com/koharin/koharin2/blob/main/CVE-2020-35192", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-35192", datePublished: "2020-12-17T01:33:02", dateReserved: "2020-12-12T00:00:00", dateUpdated: "2024-08-04T17:02:06.882Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-3024
Vulnerability from cvelistv5
Published
2021-02-01 15:45
Modified
2024-08-03 16:45
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.
References
| ▼ | URL | Tags |
|---|---|---|
| https://discuss.hashicorp.com/t/hcsec-2021-02-vault-api-endpoint-exposed-internal-ip-address-without-authentication/20334 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:45:50.722Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-02-vault-api-endpoint-exposed-internal-ip-address-without-authentication/20334", }, { name: "GLSA-202207-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-01T20:09:05", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-02-vault-api-endpoint-exposed-internal-ip-address-without-authentication/20334", }, { name: "GLSA-202207-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-3024", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://discuss.hashicorp.com/t/hcsec-2021-02-vault-api-endpoint-exposed-internal-ip-address-without-authentication/20334", refsource: "MISC", url: "https://discuss.hashicorp.com/t/hcsec-2021-02-vault-api-endpoint-exposed-internal-ip-address-without-authentication/20334", }, { name: "GLSA-202207-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202207-01", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-3024", datePublished: "2021-02-01T15:45:23", dateReserved: "2021-01-05T00:00:00", dateUpdated: "2024-08-03T16:45:50.722Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-38554
Vulnerability from cvelistv5
Published
2021-08-13 15:45
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.
References
| ▼ | URL | Tags |
|---|---|---|
| https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:44:23.408Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166", }, { name: "GLSA-202207-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-01T20:09:14", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166", }, { name: "GLSA-202207-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-38554", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166", refsource: "MISC", url: "https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166", }, { name: "GLSA-202207-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202207-01", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-38554", datePublished: "2021-08-13T15:45:50", dateReserved: "2021-08-11T00:00:00", dateUpdated: "2024-08-04T01:44:23.408Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-3462
Vulnerability from cvelistv5
Published
2023-07-31 22:40
Modified
2024-10-21 18:04
Severity ?
EPSS score ?
Summary
HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.13.0 ≤ 1.13.4 Version: 1.14.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T06:55:03.557Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-3462", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-21T18:04:26.770286Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-21T18:04:40.093Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", platforms: [ "Windows", "MacOS", "Linux", "x86", "64 bit", "32 bit", "ARM", ], product: "Vault", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { lessThanOrEqual: "1.13.4", status: "affected", version: "1.13.0", versionType: "semver", }, { status: "affected", version: "1.14.0", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit", ], product: "Vault Enterprise", vendor: "HashiCorp", versions: [ { lessThanOrEqual: "1.13.4", status: "affected", version: "1.13.0", versionType: "semver", }, { status: "affected", version: "1.14.0", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Jared Johnstone", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.", }, ], value: "HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.", }, ], impacts: [ { capecId: "CAPEC-575", descriptions: [ { lang: "en", value: "CAPEC-575 Account Footprinting", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-203", description: "CWE-203 Observable Discrepancy", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-31T22:40:23.432Z", orgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", shortName: "HashiCorp", }, references: [ { url: "https://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714", }, ], source: { discovery: "EXTERNAL", }, title: "Vault's LDAP Auth Method Allows for User Enumeration", }, }, cveMetadata: { assignerOrgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", assignerShortName: "HashiCorp", cveId: "CVE-2023-3462", datePublished: "2023-07-31T22:40:23.432Z", dateReserved: "2023-06-29T19:00:52.239Z", dateUpdated: "2024-10-21T18:04:40.093Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-27668
Vulnerability from cvelistv5
Published
2021-08-31 17:01
Modified
2024-08-03 21:26
Severity ?
EPSS score ?
Summary
HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://discuss.hashicorp.com/t/hcsec-2021-05-vault-enterprise-s-dr-secondaries-exposed-license-metadata-without-authentication/21427 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:26:10.800Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-05-vault-enterprise-s-dr-secondaries-exposed-license-metadata-without-authentication/21427", }, { name: "GLSA-202207-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-01T20:06:49", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-05-vault-enterprise-s-dr-secondaries-exposed-license-metadata-without-authentication/21427", }, { name: "GLSA-202207-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-27668", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://discuss.hashicorp.com/t/hcsec-2021-05-vault-enterprise-s-dr-secondaries-exposed-license-metadata-without-authentication/21427", refsource: "MISC", url: "https://discuss.hashicorp.com/t/hcsec-2021-05-vault-enterprise-s-dr-secondaries-exposed-license-metadata-without-authentication/21427", }, { name: "GLSA-202207-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202207-01", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-27668", datePublished: "2021-08-31T17:01:43", dateReserved: "2021-02-24T00:00:00", dateUpdated: "2024-08-03T21:26:10.800Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-25594
Vulnerability from cvelistv5
Published
2021-02-01 15:41
Modified
2024-08-04 15:33
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.
References
| ▼ | URL | Tags |
|---|---|---|
| https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:33:05.746Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336", }, { name: "GLSA-202207-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-01T20:07:59", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336", }, { name: "GLSA-202207-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-25594", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336", refsource: "MISC", url: "https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336", }, { name: "GLSA-202207-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202207-01", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-25594", datePublished: "2021-02-01T15:41:36", dateReserved: "2020-09-15T00:00:00", dateUpdated: "2024-08-04T15:33:05.746Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-32923
Vulnerability from cvelistv5
Published
2021-06-03 10:38
Modified
2024-08-03 23:33
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.hashicorp.com/blog/category/vault/ | x_refsource_MISC | |
| https://discuss.hashicorp.com/t/hcsec-2021-15-vault-renewed-nearly-expired-leases-with-incorrect-non-expiring-ttls/24603 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:33:56.091Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.hashicorp.com/blog/category/vault/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-15-vault-renewed-nearly-expired-leases-with-incorrect-non-expiring-ttls/24603", }, { name: "GLSA-202207-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-01T20:08:47", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.hashicorp.com/blog/category/vault/", }, { tags: [ "x_refsource_MISC", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-15-vault-renewed-nearly-expired-leases-with-incorrect-non-expiring-ttls/24603", }, { name: "GLSA-202207-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-32923", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.hashicorp.com/blog/category/vault/", refsource: "MISC", url: "https://www.hashicorp.com/blog/category/vault/", }, { name: "https://discuss.hashicorp.com/t/hcsec-2021-15-vault-renewed-nearly-expired-leases-with-incorrect-non-expiring-ttls/24603", refsource: "MISC", url: "https://discuss.hashicorp.com/t/hcsec-2021-15-vault-renewed-nearly-expired-leases-with-incorrect-non-expiring-ttls/24603", }, { name: "GLSA-202207-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202207-01", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-32923", datePublished: "2021-06-03T10:38:26", dateReserved: "2021-05-13T00:00:00", dateUpdated: "2024-08-03T23:33:56.091Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35453
Vulnerability from cvelistv5
Published
2020-12-17 04:22
Modified
2024-08-04 17:02
Severity ?
EPSS score ?
Summary
HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:02:07.977Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2020-24-vault-enterprise-s-sentinel-egp-policies-may-impact-parent-or-sibling-namespaces/18983", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-12-17T04:22:34", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://discuss.hashicorp.com/t/hcsec-2020-24-vault-enterprise-s-sentinel-egp-policies-may-impact-parent-or-sibling-namespaces/18983", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-35453", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161", refsource: "CONFIRM", url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161", }, { name: "https://discuss.hashicorp.com/t/hcsec-2020-24-vault-enterprise-s-sentinel-egp-policies-may-impact-parent-or-sibling-namespaces/18983", refsource: "CONFIRM", url: "https://discuss.hashicorp.com/t/hcsec-2020-24-vault-enterprise-s-sentinel-egp-policies-may-impact-parent-or-sibling-namespaces/18983", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-35453", datePublished: "2020-12-17T04:22:34", dateReserved: "2020-12-14T00:00:00", dateUpdated: "2024-08-04T17:02:07.977Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-6468
Vulnerability from cvelistv5
Published
2024-07-11 20:40
Modified
2024-08-01 21:41
Severity ?
EPSS score ?
Summary
Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in proxy_protocol_authorized_addrs, the Vault API server would shut down and no longer respond to any HTTP requests, potentially resulting in denial of service.
While this bug also affected versions of Vault up to 1.17.1 and 1.16.5, a separate regression in those release series did not allow Vault operators to configure the deny_unauthorized option, thus not allowing the conditions for the denial of service to occur.
Fixed in Vault and Vault Enterprise 1.17.2, 1.16.6, and 1.15.12.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.10.0 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "vault", vendor: "hashicorp", versions: [ { lessThan: "1.15.11", status: "affected", version: "1.10.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:hashicorp:vault_enterprise:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "vault_enterprise", vendor: "hashicorp", versions: [ { lessThan: "1.15.11", status: "affected", version: "1.10.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-6468", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-12T14:14:37.815771Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-12T14:16:55.605Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:41:03.514Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2024-14-vault-vulnerable-to-denial-of-service-when-setting-a-proxy-protocol-behavior/68518", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux", ], product: "Vault", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { lessThan: "1.15.11", status: "affected", version: "1.10.0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux", ], product: "Vault Enterprise", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { lessThan: "1.15.11", status: "affected", version: "1.10.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in proxy_protocol_authorized_addrs, the Vault API server would shut down and no longer respond to any HTTP requests, potentially resulting in denial of service.\n\nWhile this bug also affected versions of Vault up to 1.17.1 and 1.16.5, a separate regression in those release series did not allow Vault operators to configure the deny_unauthorized option, thus not allowing the conditions for the denial of service to occur.\n\nFixed in Vault and Vault Enterprise 1.17.2, 1.16.6, and 1.15.12.</p><br/>", }, ], value: "Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in proxy_protocol_authorized_addrs, the Vault API server would shut down and no longer respond to any HTTP requests, potentially resulting in denial of service.\n\nWhile this bug also affected versions of Vault up to 1.17.1 and 1.16.5, a separate regression in those release series did not allow Vault operators to configure the deny_unauthorized option, thus not allowing the conditions for the denial of service to occur.\n\nFixed in Vault and Vault Enterprise 1.17.2, 1.16.6, and 1.15.12.", }, ], impacts: [ { capecId: "CAPEC-469", descriptions: [ { lang: "en", value: "CAPEC-469: HTTP DoS", }, ], }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-703", description: "CWE-703: Improper Check or Handling of Exceptional Conditions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-11T20:40:12.298Z", orgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", shortName: "HashiCorp", }, references: [ { url: "https://discuss.hashicorp.com/t/hcsec-2024-14-vault-vulnerable-to-denial-of-service-when-setting-a-proxy-protocol-behavior/68518", }, ], source: { advisory: "HCSEC-2024-HCSEC-2024-14", discovery: "INTERNAL", }, title: "Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior", }, }, cveMetadata: { assignerOrgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", assignerShortName: "HashiCorp", cveId: "CVE-2024-6468", datePublished: "2024-07-11T20:40:12.298Z", dateReserved: "2024-07-03T03:55:06.235Z", dateUpdated: "2024-08-01T21:41:03.514Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5798
Vulnerability from cvelistv5
Published
2024-06-12 18:55
Modified
2024-08-01 21:25
Severity ?
EPSS score ?
Summary
Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have been rejected.
This vulnerability, CVE-2024-5798, was fixed in Vault and Vault Enterprise 1.17.0, 1.16.3, and 1.15.9
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 0.11.0 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-5798", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-13T19:32:41.996739Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-13T19:32:53.402Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:25:02.659Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2024-11-vault-incorrectly-validated-json-web-tokens-jwt-audience-claims/67770", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux", ], product: "Vault", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { changes: [ { at: "1.15.9", status: "unaffected", }, { at: "1.14.13", status: "unaffected", }, ], lessThan: "1.16.2", status: "affected", version: "0.11.0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux", ], product: "Vault Enterprise", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { changes: [ { at: "1.15.9", status: "unaffected", }, { at: "1.14.13", status: "unaffected", }, ], lessThan: "1.16.2", status: "affected", version: "0.11.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have been rejected.\n\nThis vulnerability, CVE-2024-5798, was fixed in Vault and Vault Enterprise 1.17.0, 1.16.3, and 1.15.9</p><br/>", }, ], value: "Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have been rejected.\n\nThis vulnerability, CVE-2024-5798, was fixed in Vault and Vault Enterprise 1.17.0, 1.16.3, and 1.15.9", }, ], impacts: [ { capecId: "CAPEC-1", descriptions: [ { lang: "en", value: "CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs", }, ], }, ], metrics: [ { cvssV3_1: { baseScore: 2.6, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "CWE-285: Improper Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-12T18:55:24.788Z", orgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", shortName: "HashiCorp", }, references: [ { url: "https://discuss.hashicorp.com/t/hcsec-2024-11-vault-incorrectly-validated-json-web-tokens-jwt-audience-claims/67770", }, ], source: { advisory: "HCSEC-2024-HCSEC-2024-11", discovery: "EXTERNAL", }, title: "Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims", }, }, cveMetadata: { assignerOrgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", assignerShortName: "HashiCorp", cveId: "CVE-2024-5798", datePublished: "2024-06-12T18:55:24.788Z", dateReserved: "2024-06-10T15:46:30.387Z", dateUpdated: "2024-08-01T21:25:02.659Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-41802
Vulnerability from cvelistv5
Published
2021-10-08 17:00
Modified
2024-08-04 03:22
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.
References
| ▼ | URL | Tags |
|---|---|---|
| https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation/ | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:22:24.278Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation/", }, { name: "GLSA-202207-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 2.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:N/PR:H/S:C/UI:R", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-01T20:06:19", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation/", }, { name: "GLSA-202207-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-41802", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "NONE", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:N/PR:H/S:C/UI:R", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation/", refsource: "MISC", url: "https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation/", }, { name: "GLSA-202207-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202207-01", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-41802", datePublished: "2021-10-08T17:00:01", dateReserved: "2021-09-29T00:00:00", dateUpdated: "2024-08-04T03:22:24.278Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-38553
Vulnerability from cvelistv5
Published
2021-08-13 15:48
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:44:23.384Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168", }, { name: "GLSA-202207-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-01T20:07:16", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168", }, { name: "GLSA-202207-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-38553", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168", refsource: "MISC", url: "https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168", }, { name: "GLSA-202207-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202207-01", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-38553", datePublished: "2021-08-13T15:48:47", dateReserved: "2021-08-11T00:00:00", dateUpdated: "2024-08-04T01:44:23.384Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0665
Vulnerability from cvelistv5
Published
2023-03-30 00:21
Modified
2025-02-13 16:39
Severity ?
EPSS score ?
Summary
HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.13.0 ≤ Version: 1.12.0 ≤ Version: 1.11.0 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:17:50.328Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230526-0008/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-0665", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-12T15:00:11.247720Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-12T15:00:17.817Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit", ], product: "Vault", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { lessThan: "1.13.1", status: "affected", version: "1.13.0", versionType: "semver", }, { lessThan: "1.12.5", status: "affected", version: "1.12.0", versionType: "semver", }, { lessThan: "1.11.9", status: "affected", version: "1.11.0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit", ], product: "Vault Enterprise", vendor: "HashiCorp", versions: [ { lessThan: "1.13.1", status: "affected", version: "1.13.0", versionType: "semver", }, { lessThan: "1.12.5", status: "affected", version: "1.12.0", versionType: "semver", }, { lessThan: "1.11.9", status: "affected", version: "1.11.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9..", }, ], value: "HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "CWE-285 Improper Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-26T19:06:23.683Z", orgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", shortName: "HashiCorp", }, references: [ { url: "https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1", }, { url: "https://security.netapp.com/advisory/ntap-20230526-0008/", }, ], source: { advisory: "HCSEC-2023-11", discovery: "INTERNAL", }, title: "Vault PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata", }, }, cveMetadata: { assignerOrgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", assignerShortName: "HashiCorp", cveId: "CVE-2023-0665", datePublished: "2023-03-30T00:21:47.676Z", dateReserved: "2023-02-03T21:24:59.629Z", dateUpdated: "2025-02-13T16:39:04.425Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-45042
Vulnerability from cvelistv5
Published
2021-12-17 13:38
Modified
2024-08-04 04:32
Severity ?
EPSS score ?
Summary
In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.hashicorp.com/blog/category/vault | x_refsource_MISC | |
| https://discuss.hashicorp.com/t/hcsec2-21-33-vault-s-kv-secrets-engine-with-integrated-storage-exposed-to-authenticated-denial-of-service/33157 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:32:13.617Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.hashicorp.com/blog/category/vault", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec2-21-33-vault-s-kv-secrets-engine-with-integrated-storage-exposed-to-authenticated-denial-of-service/33157", }, { name: "GLSA-202207-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-01T20:07:46", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.hashicorp.com/blog/category/vault", }, { tags: [ "x_refsource_MISC", ], url: "https://discuss.hashicorp.com/t/hcsec2-21-33-vault-s-kv-secrets-engine-with-integrated-storage-exposed-to-authenticated-denial-of-service/33157", }, { name: "GLSA-202207-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-45042", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.hashicorp.com/blog/category/vault", refsource: "MISC", url: "https://www.hashicorp.com/blog/category/vault", }, { name: "https://discuss.hashicorp.com/t/hcsec2-21-33-vault-s-kv-secrets-engine-with-integrated-storage-exposed-to-authenticated-denial-of-service/33157", refsource: "MISC", url: "https://discuss.hashicorp.com/t/hcsec2-21-33-vault-s-kv-secrets-engine-with-integrated-storage-exposed-to-authenticated-denial-of-service/33157", }, { name: "GLSA-202207-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202207-01", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-45042", datePublished: "2021-12-17T13:38:51", dateReserved: "2021-12-13T00:00:00", dateUpdated: "2024-08-04T04:32:13.617Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-9180
Vulnerability from cvelistv5
Published
2024-10-10 20:54
Modified
2024-11-08 22:27
Severity ?
EPSS score ?
Summary
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 0.10.4 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "vault", vendor: "hashicorp", versions: [ { lessThan: "1.18.0", status: "affected", version: "0.10.4", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", ], defaultStatus: "unaffected", product: "vault", vendor: "hashicorp", versions: [ { lessThan: "1.18.0", status: "affected", version: "0.10.4", versionType: "semver", }, { status: "unaffected", version: "1.17.7", }, { status: "unaffected", version: "1.16.11", }, { status: "unaffected", version: "1.15.16", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-9180", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-11T15:34:50.417514Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-08T22:27:31.042Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux", ], product: "Vault", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { lessThan: "1.18.0", status: "affected", version: "0.10.4", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux", ], product: "Vault Enterprise", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { changes: [ { at: "1.17.7", status: "unaffected", }, { at: "1.16.10", status: "unaffected", }, { at: "1.15.16", status: "unaffected", }, ], lessThan: "1.18.0", status: "affected", version: "0.10.4", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.</p><br/>", }, ], value: "A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.", }, ], impacts: [ { capecId: "CAPEC-233", descriptions: [ { lang: "en", value: "CAPEC-233: Privilege Escalation", }, ], }, ], metrics: [ { cvssV3_1: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-266", description: "CWE-266: Incorrect Privilege Assignment", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-18T19:48:21.134Z", orgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", shortName: "HashiCorp", }, references: [ { url: "https://discuss.hashicorp.com/t/hcsec-2024-21-vault-operators-in-root-namespace-may-elevate-their-privileges/70565", }, ], source: { advisory: "HCSEC-2024-21", discovery: "INTERNAL", }, title: "Vault Operators in Root Namespace May Elevate Their Privileges", }, }, cveMetadata: { assignerOrgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", assignerShortName: "HashiCorp", cveId: "CVE-2024-9180", datePublished: "2024-10-10T20:54:57.084Z", dateReserved: "2024-09-25T18:00:56.306Z", dateUpdated: "2024-11-08T22:27:31.042Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-12757
Vulnerability from cvelistv5
Published
2020-06-10 18:46
Modified
2024-08-04 12:04
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. This may lead to generated GCP credentials being valid for longer than intended. Fixed in 1.4.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.hashicorp.com/blog/category/vault/ | x_refsource_CONFIRM | |
| https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:04:22.829Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.hashicorp.com/blog/category/vault/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. This may lead to generated GCP credentials being valid for longer than intended. Fixed in 1.4.2.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-12T18:31:46", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.hashicorp.com/blog/category/vault/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-12757", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. This may lead to generated GCP credentials being valid for longer than intended. Fixed in 1.4.2.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.hashicorp.com/blog/category/vault/", refsource: "CONFIRM", url: "https://www.hashicorp.com/blog/category/vault/", }, { name: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020", refsource: "MISC", url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-12757", datePublished: "2020-06-10T18:46:12", dateReserved: "2020-05-09T00:00:00", dateUpdated: "2024-08-04T12:04:22.829Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-4680
Vulnerability from cvelistv5
Published
2023-09-14 23:06
Modified
2024-09-26 17:38
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.14.0 ≤ Version: 1.13.0 ≤ Version: 1.12.0 ≤ Version: 1.6.0 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:31:06.556Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-28-vault-s-transit-secrets-engine-allowed-nonce-specified-without-convergent-encryption/58249", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "vault", vendor: "hashicorp", versions: [ { lessThan: "1.14.3", status: "affected", version: "1.14.0", versionType: "custom", }, { lessThan: "1.13.7", status: "affected", version: "1.13.0", versionType: "custom", }, { lessThan: "1.12.11", status: "affected", version: "1.12.0", versionType: "custom", }, { lessThan: "1.12.0", status: "affected", version: "1.6.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:hashicorp:vault_enterprise:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "vault_enterprise", vendor: "hashicorp", versions: [ { lessThan: "1.14.3", status: "affected", version: "1.14.0", versionType: "custom", }, { lessThan: "1.13.7", status: "affected", version: "1.13.0", versionType: "custom", }, { lessThan: "1.12.11", status: "affected", version: "1.12.0", versionType: "custom", }, { lessThan: "1.12.0", status: "affected", version: "1.6.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-4680", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-25T19:52:32.242060Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-25T19:58:36.730Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux", ], product: "Vault", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { lessThan: "1.14.3", status: "affected", version: "1.14.0", versionType: "semver", }, { lessThan: "1.13.7", status: "affected", version: "1.13.0", versionType: "semver", }, { lessThan: "1.12.11", status: "affected", version: "1.12.0", versionType: "semver", }, { lessThan: "1.12.0", status: "affected", version: "1.6.0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux", ], product: "Vault Enterprise", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { lessThan: "1.14.3", status: "affected", version: "1.14.0", versionType: "semver", }, { lessThan: "1.13.7", status: "affected", version: "1.13.0", versionType: "semver", }, { lessThan: "1.12.11", status: "affected", version: "1.12.0", versionType: "semver", }, { lessThan: "1.12.0", status: "affected", version: "1.6.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.</p><br/>", }, ], value: "HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.", }, ], impacts: [ { capecId: "CAPEC-220", descriptions: [ { lang: "en", value: "CAPEC-220: Cryptanalysis", }, ], }, ], metrics: [ { cvssV3_1: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-323", description: "CWE-323: Reusing a Nonce, Key Pair in Encryption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-26T17:38:48.629Z", orgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", shortName: "HashiCorp", }, references: [ { url: "https://discuss.hashicorp.com/t/hcsec-2023-28-vault-s-transit-secrets-engine-allowed-nonce-specified-without-convergent-encryption/58249", }, ], source: { advisory: "HCSEC-2023-28", discovery: "EXTERNAL", }, title: "Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption", }, }, cveMetadata: { assignerOrgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", assignerShortName: "HashiCorp", cveId: "CVE-2023-4680", datePublished: "2023-09-14T23:06:24.546Z", dateReserved: "2023-08-31T15:50:09.764Z", dateUpdated: "2024-09-26T17:38:48.629Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35177
Vulnerability from cvelistv5
Published
2020-12-17 04:17
Modified
2024-08-04 17:02
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161 | x_refsource_CONFIRM | |
| https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:02:06.823Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-08T17:58:19", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-35177", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161", refsource: "CONFIRM", url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161", }, { name: "https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984", refsource: "CONFIRM", url: "https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-35177", datePublished: "2020-12-17T04:17:27", dateReserved: "2020-12-11T00:00:00", dateUpdated: "2024-08-04T17:02:06.823Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-3775
Vulnerability from cvelistv5
Published
2023-09-28 23:17
Modified
2024-09-26 21:50
Severity ?
EPSS score ?
Summary
A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HashiCorp | Vault Enterprise |
Version: 1.14.0 ≤ Version: 1.13.0 ≤ Version: 0.11.0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:08:50.185Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-29-vault-enterprise-s-sentinel-rgp-policies-allowed-for-cross-namespace-denial-of-service/58653", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-3775", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-23T18:05:23.828194Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-23T18:05:32.075Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux", ], product: "Vault Enterprise", vendor: "HashiCorp", versions: [ { lessThan: "1.14.4", status: "affected", version: "1.14.0", versionType: "semver", }, { lessThan: "1.13.8", status: "affected", version: "1.13.0", versionType: "semver", }, { lessThan: "1.13.0", status: "affected", version: "0.11.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8.</p><br/>", }, ], value: "A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8.", }, ], impacts: [ { capecId: "CAPEC-469", descriptions: [ { lang: "en", value: "CAPEC-469: HTTP DoS", }, ], }, ], metrics: [ { cvssV3_1: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-266", description: "CWE-266: Incorrect Privilege Assignment", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-26T21:50:59.474Z", orgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", shortName: "HashiCorp", }, references: [ { url: "https://discuss.hashicorp.com/t/hcsec-2023-29-vault-enterprise-s-sentinel-rgp-policies-allowed-for-cross-namespace-denial-of-service/58653", }, ], source: { advisory: "HCSEC-2023-29", discovery: "EXTERNAL", }, title: "Vault Enterprise's Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service", }, }, cveMetadata: { assignerOrgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", assignerShortName: "HashiCorp", cveId: "CVE-2023-3775", datePublished: "2023-09-28T23:17:24.349Z", dateReserved: "2023-07-19T14:34:43.733Z", dateUpdated: "2024-09-26T21:50:59.474Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-5954
Vulnerability from cvelistv5
Published
2023-11-09 20:13
Modified
2025-02-13 17:25
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.15.0 Version: 1.15.1 Version: 1.14.3 Version: 1.14.4 Version: 1.14.5 Version: 1.13.7 Version: 1.13.8 Version: 1.13.9 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:14:25.126Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-33-vault-requests-triggering-policy-checks-may-lead-to-unbounded-memory-consumption/59926", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231227-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit", ], product: "Vault", vendor: "HashiCorp", versions: [ { status: "affected", version: "1.15.0", }, { status: "affected", version: "1.15.1", }, { status: "affected", version: "1.14.3", }, { status: "affected", version: "1.14.4", }, { status: "affected", version: "1.14.5", }, { status: "affected", version: "1.13.7", }, { status: "affected", version: "1.13.8", }, { status: "affected", version: "1.13.9", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit", ], product: "Vault Enterprise", vendor: "HashiCorp", versions: [ { status: "affected", version: "1.15.0", }, { status: "affected", version: "1.15.1", }, { status: "affected", version: "1.14.3", }, { status: "affected", version: "1.14.4", }, { status: "affected", version: "1.14.5", }, { status: "affected", version: "1.13.7", }, { status: "affected", version: "1.13.8", }, { status: "affected", version: "1.13.9", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.", }, ], value: "HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-401", description: "CWE-401: Missing Release of Memory after Effective Lifetime", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-27T15:06:30.558Z", orgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", shortName: "HashiCorp", }, references: [ { url: "https://discuss.hashicorp.com/t/hcsec-2023-33-vault-requests-triggering-policy-checks-may-lead-to-unbounded-memory-consumption/59926", }, { url: "https://security.netapp.com/advisory/ntap-20231227-0001/", }, ], source: { discovery: "INTERNAL", }, title: "Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption", }, }, cveMetadata: { assignerOrgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", assignerShortName: "HashiCorp", cveId: "CVE-2023-5954", datePublished: "2023-11-09T20:13:49.346Z", dateReserved: "2023-11-03T16:18:00.469Z", dateUpdated: "2025-02-13T17:25:58.499Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-42135
Vulnerability from cvelistv5
Published
2021-10-11 02:52
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:30:38.162Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-28-vaults-google-cloud-secrets-engine-policies-with-globs-may-provide-additional-privileges-in-vault-1-8-0-onwards/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-11T02:52:59", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-28-vaults-google-cloud-secrets-engine-policies-with-globs-may-provide-additional-privileges-in-vault-1-8-0-onwards/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-42135", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://discuss.hashicorp.com/t/hcsec-2021-28-vaults-google-cloud-secrets-engine-policies-with-globs-may-provide-additional-privileges-in-vault-1-8-0-onwards/", refsource: "MISC", url: "https://discuss.hashicorp.com/t/hcsec-2021-28-vaults-google-cloud-secrets-engine-policies-with-globs-may-provide-additional-privileges-in-vault-1-8-0-onwards/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-42135", datePublished: "2021-10-11T02:52:59", dateReserved: "2021-10-11T00:00:00", dateUpdated: "2024-08-04T03:30:38.162Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-8185
Vulnerability from cvelistv5
Published
2024-10-31 15:14
Modified
2024-10-31 17:11
Severity ?
EPSS score ?
Summary
Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the endpoint which may cause Vault to consume excessive system memory resources, potentially leading to a crash of the underlying system and the Vault process itself.
This vulnerability, CVE-2024-8185, is fixed in Vault Community 1.18.1 and Vault Enterprise 1.18.1, 1.17.8, and 1.16.12.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.2.0 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", ], defaultStatus: "unaffected", product: "vault", vendor: "hashicorp", versions: [ { lessThan: "1.18.1", status: "affected", version: "1.2.0", versionType: "custom", }, { status: "unaffected", version: "1.17.8", }, { status: "unaffected", version: "1.16.12", }, ], }, { cpes: [ "cpe:2.3:a:hashicorp:vault:*:*:*:*:community:*:*:*", ], defaultStatus: "unaffected", product: "vault", vendor: "hashicorp", versions: [ { lessThan: "1.18.1", status: "affected", version: "1.2.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-8185", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-31T16:54:01.728268Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-31T17:11:35.647Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux", ], product: "Vault", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { lessThan: "1.18.1", status: "affected", version: "1.2.0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux", ], product: "Vault Enterprise", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { changes: [ { at: "1.17.8", status: "unaffected", }, { at: "1.16.12", status: "unaffected", }, ], lessThan: "1.18.1", status: "affected", version: "1.2.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the endpoint which may cause Vault to consume excessive system memory resources, potentially leading to a crash of the underlying system and the Vault process itself.\n\nThis vulnerability, CVE-2024-8185, is fixed in Vault Community 1.18.1 and Vault Enterprise 1.18.1, 1.17.8, and 1.16.12.</p><br/>", }, ], value: "Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the endpoint which may cause Vault to consume excessive system memory resources, potentially leading to a crash of the underlying system and the Vault process itself.\n\nThis vulnerability, CVE-2024-8185, is fixed in Vault Community 1.18.1 and Vault Enterprise 1.18.1, 1.17.8, and 1.16.12.", }, ], impacts: [ { capecId: "CAPEC-469", descriptions: [ { lang: "en", value: "CAPEC-469: HTTP DoS", }, ], }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-636", description: "CWE-636: Not Failing Securely (Failing Open)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-31T15:14:55.145Z", orgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", shortName: "HashiCorp", }, references: [ { url: "https://discuss.hashicorp.com/t/hcsec-2024-26-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-processing-raft-cluster-join-requests/71047", }, ], source: { advisory: "HCSEC-2024-26", discovery: "INTERNAL", }, title: "Vault Vulnerable to Denial of Service When Processing Raft Join Requests", }, }, cveMetadata: { assignerOrgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", assignerShortName: "HashiCorp", cveId: "CVE-2024-8185", datePublished: "2024-10-31T15:14:55.145Z", dateReserved: "2024-08-26T16:24:04.547Z", dateUpdated: "2024-10-31T17:11:35.647Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-43998
Vulnerability from cvelistv5
Published
2021-11-30 14:59
Modified
2024-08-04 04:10
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:10:17.167Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132", }, { name: "GLSA-202207-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-01T20:09:35", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132", }, { name: "GLSA-202207-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-43998", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132", refsource: "MISC", url: "https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132", }, { name: "GLSA-202207-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202207-01", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-43998", datePublished: "2021-11-30T14:59:08", dateReserved: "2021-11-17T00:00:00", dateUpdated: "2024-08-04T04:10:17.167Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13223
Vulnerability from cvelistv5
Published
2020-06-10 18:45
Modified
2024-08-04 12:11
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.hashicorp.com/blog/category/vault/ | x_refsource_MISC | |
| https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:11:19.474Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.hashicorp.com/blog/category/vault/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-12T18:51:03", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.hashicorp.com/blog/category/vault/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13223", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.hashicorp.com/blog/category/vault/", refsource: "MISC", url: "https://www.hashicorp.com/blog/category/vault/", }, { name: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020", refsource: "MISC", url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-13223", datePublished: "2020-06-10T18:45:28", dateReserved: "2020-05-20T00:00:00", dateUpdated: "2024-08-04T12:11:19.474Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-27400
Vulnerability from cvelistv5
Published
2021-04-22 16:48
Modified
2024-08-03 20:48
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:48:16.803Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-10-vault-s-cassandra-integrations-did-not-validate-tls-certificates/23463", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-04-22T16:48:07", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-10-vault-s-cassandra-integrations-did-not-validate-tls-certificates/23463", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-27400", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://discuss.hashicorp.com/t/hcsec-2021-10-vault-s-cassandra-integrations-did-not-validate-tls-certificates/23463", refsource: "CONFIRM", url: "https://discuss.hashicorp.com/t/hcsec-2021-10-vault-s-cassandra-integrations-did-not-validate-tls-certificates/23463", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-27400", datePublished: "2021-04-22T16:48:07", dateReserved: "2021-02-19T00:00:00", dateUpdated: "2024-08-03T20:48:16.803Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-16250
Vulnerability from cvelistv5
Published
2020-08-26 14:17
Modified
2024-08-04 13:37
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1..
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.hashicorp.com/blog/category/vault/ | x_refsource_MISC | |
| https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:37:54.193Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.hashicorp.com/blog/category/vault/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1..", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-06T18:06:17", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.hashicorp.com/blog/category/vault/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-16250", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1..", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.hashicorp.com/blog/category/vault/", refsource: "MISC", url: "https://www.hashicorp.com/blog/category/vault/", }, { name: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151", refsource: "MISC", url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151", }, { name: "http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-16250", datePublished: "2020-08-26T14:17:44", dateReserved: "2020-07-31T00:00:00", dateUpdated: "2024-08-04T13:37:54.193Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-10661
Vulnerability from cvelistv5
Published
2020-03-23 12:57
Modified
2024-08-04 11:06
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.hashicorp.com/blog/category/vault/ | x_refsource_MISC | |
| https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:06:10.651Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.hashicorp.com/blog/category/vault/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-23T12:57:03", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.hashicorp.com/blog/category/vault/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-10661", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.hashicorp.com/blog/category/vault/", refsource: "MISC", url: "https://www.hashicorp.com/blog/category/vault/", }, { name: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020", refsource: "CONFIRM", url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-10661", datePublished: "2020-03-23T12:57:03", dateReserved: "2020-03-18T00:00:00", dateUpdated: "2024-08-04T11:06:10.651Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-40186
Vulnerability from cvelistv5
Published
2022-09-22 00:00
Modified
2024-08-03 12:14
Severity ?
EPSS score ?
Summary
An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:14:39.950Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://discuss.hashicorp.com", }, { tags: [ "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2022-18-vault-entity-alias-metadata-may-leak-between-aliases-with-the-same-name-assigned-to-the-same-entity/44550", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20221111-0008/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-14T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://discuss.hashicorp.com", }, { url: "https://discuss.hashicorp.com/t/hcsec-2022-18-vault-entity-alias-metadata-may-leak-between-aliases-with-the-same-name-assigned-to-the-same-entity/44550", }, { url: "https://security.netapp.com/advisory/ntap-20221111-0008/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-40186", datePublished: "2022-09-22T00:00:00", dateReserved: "2022-09-08T00:00:00", dateUpdated: "2024-08-03T12:14:39.950Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-2048
Vulnerability from cvelistv5
Published
2024-03-04 19:56
Modified
2025-02-13 17:32
Severity ?
EPSS score ?
Summary
Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.15.5 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T19:03:37.841Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240524-0009/", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:hashicorp:vault:1.15.5:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "vault", vendor: "hashicorp", versions: [ { lessThan: "1.16.0", status: "affected", version: "1.15.5", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:hashicorp:vault_enterprise:1.15.5:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "vault_enterprise", vendor: "hashicorp", versions: [ { lessThan: "1.16.0", status: "affected", version: "1.15.5", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-2048", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-03-05T15:35:21.923628Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-08T15:18:54.316Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux", ], product: "Vault", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { changes: [ { at: "1.14.10", status: "unaffected", }, ], lessThan: "1.16.0", status: "affected", version: "1.15.5", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux", ], product: "Vault Enterprise", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { changes: [ { at: "1.14.10", status: "unaffected", }, ], lessThan: "1.16.0", status: "affected", version: "1.15.5", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10.</p><br/>", }, ], value: "Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10.", }, ], impacts: [ { capecId: "CAPEC-115", descriptions: [ { lang: "en", value: "CAPEC-115: Authentication Bypass", }, ], }, ], metrics: [ { cvssV3_1: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-295", description: "CWE-295: Improper Certificate Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-10T16:10:19.447Z", orgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", shortName: "HashiCorp", }, references: [ { url: "https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382", }, { url: "https://security.netapp.com/advisory/ntap-20240524-0009/", }, ], source: { advisory: "HCSEC-2024-05", discovery: "EXTERNAL", }, title: "Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates", }, }, cveMetadata: { assignerOrgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", assignerShortName: "HashiCorp", cveId: "CVE-2024-2048", datePublished: "2024-03-04T19:56:47.253Z", dateReserved: "2024-03-01T00:03:34.034Z", dateUpdated: "2025-02-13T17:32:32.417Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-29653
Vulnerability from cvelistv5
Published
2021-04-22 16:41
Modified
2024-08-03 22:11
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:11:06.264Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-09-vault-s-pki-engine-crl-may-exclude-revoked-but-unexpired-certificates-after-tidy/23461/2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-04-22T16:41:46", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-09-vault-s-pki-engine-crl-may-exclude-revoked-but-unexpired-certificates-after-tidy/23461/2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-29653", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://discuss.hashicorp.com/t/hcsec-2021-09-vault-s-pki-engine-crl-may-exclude-revoked-but-unexpired-certificates-after-tidy/23461/2", refsource: "CONFIRM", url: "https://discuss.hashicorp.com/t/hcsec-2021-09-vault-s-pki-engine-crl-may-exclude-revoked-but-unexpired-certificates-after-tidy/23461/2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-29653", datePublished: "2021-04-22T16:41:46", dateReserved: "2021-03-31T00:00:00", dateUpdated: "2024-08-03T22:11:06.264Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-6337
Vulnerability from cvelistv5
Published
2023-12-08 21:12
Modified
2025-02-13 17:26
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.
Fixed in Vault 1.15.4, 1.14.8, 1.13.12.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.12.0 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:28:21.284Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240112-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit", ], product: "Vault", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { changes: [ { at: "1.14.8", status: "unaffected", }, { at: "1.13.2", status: "unaffected", }, ], lessThan: "1.15.4", status: "affected", version: "1.12.0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit", ], product: "Vault Enterprise", vendor: "HashiCorp", versions: [ { changes: [ { at: "1.14.8", status: "unaffected", }, { at: "1.13.2", status: "unaffected", }, ], lessThan: "1.15.4", status: "affected", version: "1.12.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: transparent;\">HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.<br><br>Fixed in <span style=\"background-color: transparent;\">Vault 1.15.4, 1.14.8, 1.13.12.</span><br></span><br>", }, ], value: "HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.\n\nFixed in Vault 1.15.4, 1.14.8, 1.13.12.", }, ], impacts: [ { capecId: "CAPEC-130", descriptions: [ { lang: "en", value: "CAPEC-130 Excessive Allocation", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770 Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-12T14:06:26.047Z", orgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", shortName: "HashiCorp", }, references: [ { url: "https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741", }, { url: "https://security.netapp.com/advisory/ntap-20240112-0006/", }, ], source: { advisory: "HCSEC-2023-34", discovery: "USER", }, title: "Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests", }, }, cveMetadata: { assignerOrgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", assignerShortName: "HashiCorp", cveId: "CVE-2023-6337", datePublished: "2023-12-08T21:12:31.712Z", dateReserved: "2023-11-27T18:55:16.606Z", dateUpdated: "2025-02-13T17:26:18.153Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-16251
Vulnerability from cvelistv5
Published
2020-08-26 14:19
Modified
2024-08-04 13:37
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.hashicorp.com/blog/category/vault/ | x_refsource_MISC | |
| https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:37:54.175Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.hashicorp.com/blog/category/vault/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-06T18:06:17", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.hashicorp.com/blog/category/vault/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-16251", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.hashicorp.com/blog/category/vault/", refsource: "MISC", url: "https://www.hashicorp.com/blog/category/vault/", }, { name: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151", refsource: "MISC", url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151", }, { name: "http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-16251", datePublished: "2020-08-26T14:19:55", dateReserved: "2020-07-31T00:00:00", dateUpdated: "2024-08-04T13:37:54.175Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-3774
Vulnerability from cvelistv5
Published
2023-07-28 00:45
Modified
2024-10-22 18:22
Severity ?
EPSS score ?
Summary
An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HashiCorp | Vault Enterprise |
Version: 1.14.0 Version: 1.13.4 Version: 1.12.8 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:08:49.980Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-23-vault-enterprise-namespace-creation-may-lead-to-denial-of-service/56617", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-3774", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-22T18:22:20.353490Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-22T18:22:38.101Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux", ], product: "Vault Enterprise", vendor: "HashiCorp", versions: [ { status: "affected", version: "1.14.0", }, { status: "affected", version: "1.13.4", }, { status: "affected", version: "1.12.8", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.</p><br/>", }, ], value: "An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.", }, ], impacts: [ { capecId: "CAPEC-469", descriptions: [ { lang: "en", value: "CAPEC-469: HTTP DoS", }, ], }, ], metrics: [ { cvssV3_1: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-248", description: "CWE-248: Uncaught Exception", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-26T21:45:44.680Z", orgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", shortName: "HashiCorp", }, references: [ { url: "https://discuss.hashicorp.com/t/hcsec-2023-23-vault-enterprise-namespace-creation-may-lead-to-denial-of-service/56617", }, ], source: { advisory: "HCSEC-2023-23", discovery: "INTERNAL", }, title: "Vault Enterprise Namespace Creation May Lead to Denial of Service", }, }, cveMetadata: { assignerOrgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", assignerShortName: "HashiCorp", cveId: "CVE-2023-3774", datePublished: "2023-07-28T00:45:04.379Z", dateReserved: "2023-07-19T14:24:44.833Z", dateUpdated: "2024-10-22T18:22:38.101Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-25244
Vulnerability from cvelistv5
Published
2022-03-07 21:41
Modified
2024-08-03 04:36
Severity ?
EPSS score ?
Summary
Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:36:06.580Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://discuss.hashicorp.com", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2022-08-vault-enterprise-s-tokenization-transform-configuration-endpoint-may-expose-transform-key/36599", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-07T21:41:52", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://discuss.hashicorp.com", }, { tags: [ "x_refsource_MISC", ], url: "https://discuss.hashicorp.com/t/hcsec-2022-08-vault-enterprise-s-tokenization-transform-configuration-endpoint-may-expose-transform-key/36599", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-25244", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://discuss.hashicorp.com", refsource: "MISC", url: "https://discuss.hashicorp.com", }, { name: "https://discuss.hashicorp.com/t/hcsec-2022-08-vault-enterprise-s-tokenization-transform-configuration-endpoint-may-expose-transform-key/36599", refsource: "MISC", url: "https://discuss.hashicorp.com/t/hcsec-2022-08-vault-enterprise-s-tokenization-transform-configuration-endpoint-may-expose-transform-key/36599", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-25244", datePublished: "2022-03-07T21:41:52", dateReserved: "2022-02-16T00:00:00", dateUpdated: "2024-08-03T04:36:06.580Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-10660
Vulnerability from cvelistv5
Published
2020-03-23 12:55
Modified
2024-08-04 11:06
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.hashicorp.com/blog/category/vault/ | x_refsource_MISC | |
| https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:06:10.655Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.hashicorp.com/blog/category/vault/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-23T12:55:42", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.hashicorp.com/blog/category/vault/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-10660", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.hashicorp.com/blog/category/vault/", refsource: "MISC", url: "https://www.hashicorp.com/blog/category/vault/", }, { name: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020", refsource: "CONFIRM", url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-10660", datePublished: "2020-03-23T12:55:42", dateReserved: "2020-03-18T00:00:00", dateUpdated: "2024-08-04T11:06:10.655Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-25000
Vulnerability from cvelistv5
Published
2023-03-30 00:17
Modified
2025-02-13 16:44
Severity ?
EPSS score ?
Summary
HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | HashiCorp | Vault |
Version: 1.13.0 ≤ Version: 1.12.0 ≤ Version: 1.11.0 ≤ Version: 0 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:11:43.500Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230526-0008/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-25000", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-12T15:02:13.804694Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-12T15:02:17.672Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit", ], product: "Vault", repo: "https://github.com/hashicorp/vault", vendor: "HashiCorp", versions: [ { lessThan: "1.13.1", status: "affected", version: "1.13.0", versionType: "semver", }, { lessThan: "1.12.5", status: "affected", version: "1.12.0", versionType: "semver", }, { lessThan: "1.11.9", status: "affected", version: "1.11.0", versionType: "semver", }, { lessThan: "1.11.0", status: "affected", version: "0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit", ], product: "Vault Enterprise", vendor: "HashiCorp", versions: [ { lessThan: "1.13.1", status: "affected", version: "1.13.0", versionType: "semver", }, { lessThan: "1.12.5", status: "affected", version: "1.12.0", versionType: "semver", }, { lessThan: "1.11.9", status: "affected", version: "1.11.0", versionType: "semver", }, { lessThan: "1.11.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Giuseppe Cocomazzi", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.", }, ], value: "HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.", }, ], impacts: [ { capecId: "CAPEC-204", descriptions: [ { lang: "en", value: "CAPEC-204 Lifting Sensitive Data Embedded in Cache", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-208", description: "CWE-208 Observable Timing Discrepancy", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-26T19:06:26.655Z", orgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", shortName: "HashiCorp", }, references: [ { url: "https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078", }, { url: "https://security.netapp.com/advisory/ntap-20230526-0008/", }, ], source: { advisory: "HCSEC-2023-10", discovery: "EXTERNAL", }, title: "Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations", }, }, cveMetadata: { assignerOrgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", assignerShortName: "HashiCorp", cveId: "CVE-2023-25000", datePublished: "2023-03-30T00:17:46.230Z", dateReserved: "2023-02-01T17:54:13.893Z", dateUpdated: "2025-02-13T16:44:28.625Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-2197
Vulnerability from cvelistv5
Published
2023-05-01 19:41
Modified
2025-02-13 16:40
Severity ?
EPSS score ?
Summary
HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault’s root key. Fixed in 1.13.2
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HashiCorp | Vault Enterprise |
Version: 1.13.0 ≤ 1.13.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T06:12:20.674Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-14-vault-enterprise-vulnerable-to-padding-oracle-attacks-when-using-a-cbc-based-encryption-mechanism-with-a-hsm/53322", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230609-0007/", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-2197", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-30T15:18:23.974609Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-326", description: "CWE-326 Inadequate Encryption Strength", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T15:20:35.099Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "Linux", "x86", "64 bit", "32 bit", ], product: "Vault Enterprise", vendor: "HashiCorp", versions: [ { lessThanOrEqual: "1.13.1", status: "affected", version: "1.13.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault’s root key. Fixed in 1.13.2", }, ], value: "HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault’s root key. Fixed in 1.13.2", }, ], impacts: [ { capecId: "CAPEC-463", descriptions: [ { lang: "en", value: "CAPEC-463 Padding Oracle Crypto Attack", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-326", description: "CWE-326 Inadequate Encryption Strength", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-09T07:06:37.124Z", orgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", shortName: "HashiCorp", }, references: [ { url: "https://discuss.hashicorp.com/t/hcsec-2023-14-vault-enterprise-vulnerable-to-padding-oracle-attacks-when-using-a-cbc-based-encryption-mechanism-with-a-hsm/53322", }, { url: "https://security.netapp.com/advisory/ntap-20230609-0007/", }, ], source: { discovery: "INTERNAL", }, title: "Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM", }, }, cveMetadata: { assignerOrgId: "67fedba0-ff2e-4543-ba5b-aa93e87718cc", assignerShortName: "HashiCorp", cveId: "CVE-2023-2197", datePublished: "2023-05-01T19:41:17.600Z", dateReserved: "2023-04-20T19:03:10.324Z", dateUpdated: "2025-02-13T16:40:36.424Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2022-03-10 17:47
Modified
2024-11-21 06:51
Severity ?
Summary
Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "D5B10A87-F01B-42DF-BA0A-DBDC987FF555", versionEndExcluding: "1.7.10", versionStartIncluding: "1.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0B587CFF-3ADF-4401-87BA-3D1C2D4EBFCA", versionEndExcluding: "1.8.9", versionStartIncluding: "1.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "EED439A5-987B-4223-8505-48BFF3728B5D", versionEndExcluding: "1.9.4", versionStartIncluding: "1.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10.", }, { lang: "es", value: "Los clústeres de Vault Enterprise usando la funcionalidad tokenization transform pueden exponer la clave de tokenización mediante el endpoint de configuración de la clave de tokenización a operadores autorizados con permisos \"read\" en este endpoint. Corregido en Vault Enterprise versiones 1.9.4, 1.8.9 y 1.7.10", }, ], id: "CVE-2022-25244", lastModified: "2024-11-21T06:51:52.123", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-03-10T17:47:06.993", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com", }, { source: "cve@mitre.org", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2022-08-vault-enterprise-s-tokenization-transform-configuration-endpoint-may-expose-transform-key/36599", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2022-08-vault-enterprise-s-tokenization-transform-configuration-endpoint-may-expose-transform-key/36599", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-02-01 02:15
Modified
2024-11-21 08:47
Severity ?
4.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*", matchCriteriaId: "459B7BA3-5070-4686-9DDD-D3B8ADED0DF8", versionEndExcluding: "1.15.5", versionStartIncluding: "1.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "B92203A3-1C92-430B-8008-A4FC4745DEEE", versionEndExcluding: "1.15.5", versionStartIncluding: "1.15.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`.", }, { lang: "es", value: "Vault y Vault Enterprise (“Vault”) pueden exponer información confidencial al habilitar un dispositivo de auditoría que especifica la opción `log_raw`, que puede registrar información confidencial en otros dispositivos de auditoría, independientemente de si están configurados para usar `log_raw`.", }, ], id: "CVE-2024-0831", lastModified: "2024-11-21T08:47:28.063", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "security@hashicorp.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-02-01T02:15:46.330", references: [ { source: "security@hashicorp.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://developer.hashicorp.com/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration", }, { source: "security@hashicorp.com", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2024-01-vault-may-expose-sensitive-information-when-configuring-an-audit-log-device/62311", }, { source: "security@hashicorp.com", url: "https://security.netapp.com/advisory/ntap-20240223-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://developer.hashicorp.com/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2024-01-vault-may-expose-sensitive-information-when-configuring-an-audit-log-device/62311", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240223-0005/", }, ], sourceIdentifier: "security@hashicorp.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-532", }, ], source: "security@hashicorp.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-532", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-28 01:15
Modified
2024-11-21 08:18
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:1.12.8:*:*:*:enterprise:*:*:*", matchCriteriaId: "569B71B0-54D5-404F-A88D-64962015C309", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:1.13.4:*:*:*:enterprise:*:*:*", matchCriteriaId: "709FF8A4-0A50-4153-9FD5-F6ECFE12D245", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:1.14.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "DB12634A-9B34-44C0-AC11-11120295E3F2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.", }, ], id: "CVE-2023-3774", lastModified: "2024-11-21T08:18:02.143", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "security@hashicorp.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-28T01:15:09.820", references: [ { source: "security@hashicorp.com", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-23-vault-enterprise-namespace-creation-may-lead-to-denial-of-service/56617", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-23-vault-enterprise-namespace-creation-may-lead-to-denial-of-service/56617", }, ], sourceIdentifier: "security@hashicorp.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-248", }, ], source: "security@hashicorp.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-755", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-26 23:15
Modified
2024-11-21 07:12
Severity ?
Summary
HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. Fixed in Vault Enterprise 1.9.8, 1.10.5, and 1.11.1.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*", matchCriteriaId: "C61A9B98-537D-4B3E-B8DB-2B745F194602", versionEndIncluding: "1.9.7", versionStartIncluding: "1.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*", matchCriteriaId: "8BF15D42-012D-42E2-94A8-41CB79AA1630", versionEndIncluding: "1.10.4", versionStartIncluding: "1.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:1.11.0:*:*:*:-:*:*:*", matchCriteriaId: "5374E2F4-F912-461D-A59B-1C5D474EB1FB", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:1.11.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "DD2B7644-DDE6-46EA-BF39-3DD2087AD9E4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. Fixed in Vault Enterprise 1.9.8, 1.10.5, and 1.11.1.", }, { lang: "es", value: "Los clústeres de HashiCorp Vault Enterprise 1.7.0 a 1.9.7, 1.10.4 y 1.11.0 que utilizan Integrated Storage exponen un punto final de API no autenticado que podría ser abusado para anular el estado de votante de un nodo dentro de un clúster de Vault HA, introduciendo la posibilidad de una futura pérdida de datos o un fallo catastrófico. Corregido en Vault Enterprise 1.9.8, 1.10.5 y 1.11.1", }, ], id: "CVE-2022-36129", lastModified: "2024-11-21T07:12:27.497", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-26T23:15:08.337", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2022-15-vault-enterprise-does-not-verify-existing-voter-status-when-joining-an-integrated-storage-ha-node/42420", }, { source: "cve@mitre.org", url: "https://security.netapp.com/advisory/ntap-20220901-0011/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2022-15-vault-enterprise-does-not-verify-existing-voter-status-when-joining-an-integrated-storage-ha-node/42420", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20220901-0011/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-306", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-17 14:15
Modified
2024-11-21 06:31
Severity ?
Summary
In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "6E0E2E1B-2244-4D62-B8E3-AE799D0AD7FD", versionEndExcluding: "1.7.7", versionStartIncluding: "1.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0484B927-09B0-40E8-B77A-43418C610E65", versionEndExcluding: "1.7.7", versionStartIncluding: "1.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "6591677D-48B8-4A98-B23A-F34154E0E160", versionEndExcluding: "1.8.6", versionStartIncluding: "1.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "D61C130D-AE26-4098-A843-761464BAAAAB", versionEndExcluding: "1.8.6", versionStartIncluding: "1.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:1.9.0:*:*:*:-:*:*:*", matchCriteriaId: "8CCA5BF6-13A5-4FC7-9C59-8D9F02A95031", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:1.9.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "B326A8B9-BA42-4184-B1D5-D549387C9E3A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0.", }, { lang: "es", value: "En HashiCorp Vault y Vault Enterprise versiones anteriores a 1.7.7, 1.8.x anteriores a 1.8.6 y 1.9.x anteriores a 1.9.1, los clusters que usaban el backend de almacenamiento integrado permitían a un usuario autenticado (con permisos de escritura en un motor de secretos kv) causar un pánico y una denegación de servicio del backend de almacenamiento. La primera versión afectada es la 1.4.0", }, ], id: "CVE-2021-45042", lastModified: "2024-11-21T06:31:51.180", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 6.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-17T14:15:07.667", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec2-21-33-vault-s-kv-secrets-engine-with-integrated-storage-exposed-to-authenticated-denial-of-service/33157", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202207-01", }, { source: "cve@mitre.org", tags: [ "Product", "Vendor Advisory", ], url: "https://www.hashicorp.com/blog/category/vault", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec2-21-33-vault-s-kv-secrets-engine-with-integrated-storage-exposed-to-authenticated-denial-of-service/33157", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202207-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", "Vendor Advisory", ], url: "https://www.hashicorp.com/blog/category/vault", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-30 01:15
Modified
2024-11-21 07:48
Severity ?
5.0 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "2C565DBD-95F4-4951-A029-93ABE5315740", versionEndExcluding: "1.11.9", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "80EB9F32-09A4-469C-AF76-1AE3137EAC1B", versionEndExcluding: "1.11.9", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "446F872F-F64C-44CA-85BC-144FCFBCFA8B", versionEndExcluding: "1.12.5", versionStartIncluding: "1.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "71A02FE6-C8D4-455D-A71A-C8353E1ECB7C", versionEndExcluding: "1.12.5", versionStartIncluding: "1.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "81280166-3DF7-4867-95E9-A7AFB9A12CE7", versionEndExcluding: "1.13.1", versionStartIncluding: "1.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "C56E203C-1E18-4395-B500-B6EA695B16C0", versionEndExcluding: "1.13.1", versionStartIncluding: "1.13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.", }, ], id: "CVE-2023-25000", lastModified: "2024-11-21T07:48:54.423", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 4, source: "security@hashicorp.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-30T01:15:07.493", references: [ { source: "security@hashicorp.com", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078", }, { source: "security@hashicorp.com", url: "https://security.netapp.com/advisory/ntap-20230526-0008/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20230526-0008/", }, ], sourceIdentifier: "security@hashicorp.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-208", }, ], source: "security@hashicorp.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-23 18:15
Modified
2024-11-21 05:36
Severity ?
Summary
HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "900FA9AF-7865-4166-A3E6-8315B19D23A9", versionEndExcluding: "1.3.2", versionStartIncluding: "0.11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2.", }, { lang: "es", value: "HashiCorp Vault Enterprise versiones 0.11.0 hasta 1.3.1 presenta un fallo, en determinadas circunstancias, al revocar secretos dinámicos para un montaje en un espacio de nombres eliminado. Corregido en versión 1.3.2.", }, ], id: "CVE-2020-7220", lastModified: "2024-11-21T05:36:51.520", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-23T18:15:14.930", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.hashicorp.com/blog/category/vault/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.hashicorp.com/blog/category/vault/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-404", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-17 05:15
Modified
2024-11-21 05:27
Severity ?
Summary
HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "8BBE5051-FDC2-490C-A8FE-7134B02ADA31", versionEndExcluding: "1.5.6", versionStartIncluding: "1.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "FC2B5308-C3D8-4BB6-BE29-ECFA0262A4C9", versionEndExcluding: "1.5.6", versionStartIncluding: "1.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "C9C83375-2E73-4F4F-8913-77BA05950C9B", versionEndExcluding: "1.6.1", versionStartIncluding: "1.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "9AFA38F7-04B2-44AF-A1C9-F11EAC86D89D", versionEndExcluding: "1.6.1", versionStartIncluding: "1.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1.", }, { lang: "es", value: "La funcionalidad de la política Sentinel EGP de HashiCorp Vault Enterprise, permitía incorrectamente peticiones a ser procesadas en los espacios de nombres de parent y sibling. Corregido en versiones 1.5.6 y 1.6.1", }, ], id: "CVE-2020-35453", lastModified: "2024-11-21T05:27:18.700", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-12-17T05:15:10.860", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2020-24-vault-enterprise-s-sentinel-egp-policies-may-impact-parent-or-sibling-namespaces/18983", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2020-24-vault-enterprise-s-sentinel-egp-policies-may-impact-parent-or-sibling-namespaces/18983", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-17 05:15
Modified
2024-11-21 05:26
Severity ?
Summary
HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "8BBE5051-FDC2-490C-A8FE-7134B02ADA31", versionEndExcluding: "1.5.6", versionStartIncluding: "1.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "FC2B5308-C3D8-4BB6-BE29-ECFA0262A4C9", versionEndExcluding: "1.5.6", versionStartIncluding: "1.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "C9C83375-2E73-4F4F-8913-77BA05950C9B", versionEndExcluding: "1.6.1", versionStartIncluding: "1.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "9AFA38F7-04B2-44AF-A1C9-F11EAC86D89D", versionEndExcluding: "1.6.1", versionStartIncluding: "1.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.", }, { lang: "es", value: "HashiCorp Vault y Vault Enterprise 1.4.1 y más recientes permitieron la enumeración de usuarios por medio del método de autenticación LDAP. Corregido en versiones 1.5.6 y 1.6.1", }, ], id: "CVE-2020-35177", lastModified: "2024-11-21T05:26:54.477", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-12-17T05:15:10.737", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-209", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-08-26 15:15
Modified
2024-11-21 05:07
Severity ?
Summary
HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151 | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://www.hashicorp.com/blog/category/vault/ | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.hashicorp.com/blog/category/vault/ | Product, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "85BEB94C-3B3C-4088-9E5E-85877E1F6497", versionEndExcluding: "1.2.5", versionStartIncluding: "0.8.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "269A36BC-B728-4AFA-B08B-0C04B22DFEC9", versionEndExcluding: "1.3.8", versionStartIncluding: "1.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "68A9A5AE-CC39-4296-95AF-6E2C13C64C51", versionEndExcluding: "1.4.4", versionStartIncluding: "1.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "6813A54F-6259-40AA-BBF5-90DB0480813D", versionEndExcluding: "1.5.1", versionStartIncluding: "1.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "A21DD5AC-CEBA-4AC2-9CD2-42F40DB11C06", versionEndExcluding: "1.2.5", versionStartIncluding: "0.8.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "78915E16-7E2F-4DDA-89FF-1751B6546FC2", versionEndExcluding: "1.3.8", versionStartIncluding: "1.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "E03B11E5-953A-4D0E-A75C-87F43BE0F323", versionEndExcluding: "1.4.4", versionStartIncluding: "1.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "894E4573-D9DF-4357-AAA8-50CA95A4CD2B", versionEndExcluding: "1.5.1", versionStartIncluding: "1.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.", }, { lang: "es", value: "HashiCorp Vault y Vault Enterprise versiones 0.8.3 y posteriores, cuando son configuradas con el método de autenticación GCP GCE, pueden ser vulnerables a una omisión de autenticación. Corregido en las versiones 1.2.5, 1.3.8, 1.4.4 y 1.5.1", }, ], id: "CVE-2020-16251", lastModified: "2024-11-21T05:07:01.677", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-08-26T15:15:12.913", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151", }, { source: "cve@mitre.org", tags: [ "Product", "Vendor Advisory", ], url: "https://www.hashicorp.com/blog/category/vault/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", "Vendor Advisory", ], url: "https://www.hashicorp.com/blog/category/vault/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-17 02:15
Modified
2024-11-21 05:26
Severity ?
Summary
The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/koharin/koharin2/blob/main/CVE-2020-35192 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/koharin/koharin2/blob/main/CVE-2020-35192 | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*", matchCriteriaId: "2A3DF987-5D7D-45D5-9AA6-E658311512CE", versionEndExcluding: "0.11.6", versionStartIncluding: "0.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.", }, { lang: "es", value: "Las imágenes de docker de official vault versiones anteriores a 0.11.6, contienen una contraseña en blanco para un usuario root. El sistema que usa el contenedor de docker vault implementado por unas versiones afectadas de la imagen de docker puede permitir a un atacante remoto conseguir acceso root con una contraseña en blanco", }, ], id: "CVE-2020-35192", lastModified: "2024-11-21T05:26:55.770", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-12-17T02:15:13.177", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/koharin/koharin2/blob/main/CVE-2020-35192", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/koharin/koharin2/blob/main/CVE-2020-35192", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-306", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-23 13:15
Modified
2024-11-21 04:55
Severity ?
Summary
HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "F0568D06-4FE3-4898-A61D-B46DED3E0163", versionEndIncluding: "1.3.3", versionStartIncluding: "0.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "CFFA5CFC-88D2-4AE7-B996-3759CDD85D72", versionEndIncluding: "1.3.3", versionStartIncluding: "0.11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4.", }, { lang: "es", value: "HashiCorp Vault y Vault Enterprise versiones 0.11.0 hasta 1.3.3, pueden bajo determinadas circunstancias, presentar políticas de ruta anidadas existentes que otorguen acceso a unos Espacios de Nombres después de los datos creados. Corregido en versión 1.3.4.", }, ], id: "CVE-2020-10661", lastModified: "2024-11-21T04:55:47.517", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-23T13:15:13.190", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.hashicorp.com/blog/category/vault/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.hashicorp.com/blog/category/vault/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-01 20:15
Modified
2025-01-30 16:15
Severity ?
2.5 (Low) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
2.5 (Low) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
2.5 (Low) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
2.5 (Low) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
2.5 (Low) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault’s root key. Fixed in 1.13.2
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "CE468CF8-6DD1-476A-97CC-9FC0252AE726", versionEndExcluding: "1.13.2", versionStartIncluding: "1.13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault’s root key. Fixed in 1.13.2", }, ], id: "CVE-2023-2197", lastModified: "2025-01-30T16:15:29.243", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 1.4, source: "security@hashicorp.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1, impactScore: 1.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-01T20:15:14.597", references: [ { source: "security@hashicorp.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-14-vault-enterprise-vulnerable-to-padding-oracle-attacks-when-using-a-cbc-based-encryption-mechanism-with-a-hsm/53322", }, { source: "security@hashicorp.com", url: "https://security.netapp.com/advisory/ntap-20230609-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-14-vault-enterprise-vulnerable-to-padding-oracle-attacks-when-using-a-cbc-based-encryption-mechanism-with-a-hsm/53322", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20230609-0007/", }, ], sourceIdentifier: "security@hashicorp.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-326", }, ], source: "security@hashicorp.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-326", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-326", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-31 18:15
Modified
2024-11-21 05:58
Severity ?
Summary
HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "3C3C0445-027D-4907-8E8A-CBA653EF5B94", versionEndExcluding: "1.6.3", versionStartIncluding: "0.9.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3.", }, { lang: "es", value: "HashiCorp Vault Enterprise versiones 0.9.2 hasta 1.6.2, permitía la lectura de metadatos de licencia de DR secundarios sin autenticación. Corregido en versión 1.6.3", }, ], id: "CVE-2021-27668", lastModified: "2024-11-21T05:58:24.530", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-31T18:15:07.843", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-05-vault-enterprise-s-dr-secondaries-exposed-license-metadata-without-authentication/21427", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202207-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-05-vault-enterprise-s-dr-secondaries-exposed-license-metadata-without-authentication/21427", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-306", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-01 16:15
Modified
2024-11-21 06:21
Severity ?
Summary
HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:1.6.0:*:*:*:*:*:*:*", matchCriteriaId: "A127E5E5-AD2A-4911-8A87-0951B7A4A249", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:1.6.1:*:*:*:*:*:*:*", matchCriteriaId: "CEB42CDF-DDC0-4575-8516-CE3B42FECB98", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.", }, { lang: "es", value: "HashiCorp Vault Enterprise versiones 1.6.0 y 1.6.1, permitieron que el comando del operador raft \"remove-peer\" sea ejecutado contra los secundarios de DR sin autenticación. Corregido en la versión 1.6.2", }, ], id: "CVE-2021-3282", lastModified: "2024-11-21T06:21:12.870", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-02-01T16:15:13.280", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-04-vault-enterprise-s-dr-secondaries-allowed-raft-peer-removal-without-authentication/20337", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202207-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-04-vault-enterprise-s-dr-secondaries-allowed-raft-peer-removal-without-authentication/20337", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-17 18:15
Modified
2024-11-21 07:03
Severity ?
Summary
HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://discuss.hashicorp.com | Vendor Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/202207-01 | Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20220629-0006/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://discuss.hashicorp.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202207-01 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220629-0006/ | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "604973B7-EDDA-41D5-B6E6-C11A1560FB40", versionEndExcluding: "1.10.3", versionStartIncluding: "1.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "DF292C97-3785-4305-AAB5-2DCEC65681AE", versionEndExcluding: "1.10.3", versionStartIncluding: "1.10.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3.", }, { lang: "es", value: "HashiCorp Vault y Vault Enterprise desde la versión 1.10.0 hasta 1.10.2 no configuraban ni aplicaban correctamente la MFA en el inicio de sesión tras el reinicio del servidor. Esto afecta a la función MFA de inicio de sesión introducida en Vault y Vault Enterprise versión 1.10.0 y no afecta al conjunto de funciones MFA de Enterprise por separado. Corregido en versión 1.10.3", }, ], id: "CVE-2022-30689", lastModified: "2024-11-21T07:03:10.537", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-17T18:15:08.777", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202207-01", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220629-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202207-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220629-0006/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-30 01:15
Modified
2024-11-21 07:37
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Summary
HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "2C565DBD-95F4-4951-A029-93ABE5315740", versionEndExcluding: "1.11.9", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "80EB9F32-09A4-469C-AF76-1AE3137EAC1B", versionEndExcluding: "1.11.9", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "446F872F-F64C-44CA-85BC-144FCFBCFA8B", versionEndExcluding: "1.12.5", versionStartIncluding: "1.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "71A02FE6-C8D4-455D-A71A-C8353E1ECB7C", versionEndExcluding: "1.12.5", versionStartIncluding: "1.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "81280166-3DF7-4867-95E9-A7AFB9A12CE7", versionEndExcluding: "1.13.1", versionStartIncluding: "1.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "C56E203C-1E18-4395-B500-B6EA695B16C0", versionEndExcluding: "1.13.1", versionStartIncluding: "1.13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.", }, ], id: "CVE-2023-0665", lastModified: "2024-11-21T07:37:35.217", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 2.5, source: "security@hashicorp.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-30T01:15:07.437", references: [ { source: "security@hashicorp.com", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1", }, { source: "security@hashicorp.com", url: "https://security.netapp.com/advisory/ntap-20230526-0008/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20230526-0008/", }, ], sourceIdentifier: "security@hashicorp.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-285", }, ], source: "security@hashicorp.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-13 16:15
Modified
2024-11-21 06:17
Severity ?
Summary
HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "2A199FE0-3F86-46A9-B09C-4F9F1F9F9DBC", versionEndExcluding: "1.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "A49A8BD3-0C2A-4C51-A8D3-940CBD8C59B1", versionEndExcluding: "1.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.", }, { lang: "es", value: "La interfaz de usuario de HashiCorp Vault y Vault Enterprise almacenaba erróneamente en caché y exponía los secretos visualizados por el usuario entre sesiones en un mismo navegador compartido. Corregido en versión 1.8.0 y en versiones pendientes 1.7.4 / 1.6.6.", }, ], id: "CVE-2021-38554", lastModified: "2024-11-21T06:17:25.633", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-13T16:15:08.117", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202207-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-212", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-09-22 01:15
Modified
2024-11-21 07:21
Severity ?
Summary
An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "6F7D3568-1DFC-4D7F-9C90-549681303D7A", versionEndExcluding: "1.9.9", versionStartIncluding: "1.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "AC692B79-82DB-45CA-9116-45278240AEA7", versionEndExcluding: "1.9.9", versionStartIncluding: "1.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "A13E5D18-413A-431C-8F68-0A28513AA43F", versionEndExcluding: "1.10.6", versionStartIncluding: "1.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "518DEF17-CBE0-4799-AF74-B11BEFDE453C", versionEndExcluding: "1.10.6", versionStartIncluding: "1.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "CBDC6291-4C85-473E-93DA-DE2B7C1C22C8", versionEndExcluding: "1.11.3", versionStartIncluding: "1.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "8C7238A3-B4B6-4A28-B5EE-AE982B241E43", versionEndExcluding: "1.11.3", versionStartIncluding: "1.11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault.", }, { lang: "es", value: "Se ha detectado un problema en HashiCorp Vault y Vault Enterprise versiones anteriores a 1.11.3. Se ha encontrado una vulnerabilidad en el Motor de Identidades por la que, en una implementación en la que una entidad presenta varios accesos de montaje con nombres de alias compartidos, Vault puede sobrescribir los metadatos en el alias incorrecto debido a un problema de comprobación del alias correcto asignado a una entidad. Esto puede permitir un acceso involuntario a las rutas de clave/valor usando esos metadatos en Vault", }, ], id: "CVE-2022-40186", lastModified: "2024-11-21T07:21:01.280", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-09-22T01:15:12.027", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2022-18-vault-entity-alias-metadata-may-leak-between-aliases-with-the-same-name-assigned-to-the-same-entity/44550", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221111-0008/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2022-18-vault-entity-alias-metadata-may-leak-between-aliases-with-the-same-name-assigned-to-the-same-entity/44550", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221111-0008/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-08-26 15:15
Modified
2024-11-21 05:07
Severity ?
Summary
HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1..
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151 | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.hashicorp.com/blog/category/vault/ | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.hashicorp.com/blog/category/vault/ | Product, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "D2494214-E6B2-4322-AA79-CC4AE1959760", versionEndExcluding: "1.2.5", versionStartIncluding: "0.7.1", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "24DC6241-A2AA-45DD-B2E9-82DEE9FF0DB2", versionEndExcluding: "1.2.5", versionStartIncluding: "0.7.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "78915E16-7E2F-4DDA-89FF-1751B6546FC2", versionEndExcluding: "1.3.8", versionStartIncluding: "1.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "269A36BC-B728-4AFA-B08B-0C04B22DFEC9", versionEndExcluding: "1.3.8", versionStartIncluding: "1.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "E03B11E5-953A-4D0E-A75C-87F43BE0F323", versionEndExcluding: "1.4.4", versionStartIncluding: "1.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "68A9A5AE-CC39-4296-95AF-6E2C13C64C51", versionEndExcluding: "1.4.4", versionStartIncluding: "1.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "894E4573-D9DF-4357-AAA8-50CA95A4CD2B", versionEndExcluding: "1.5.1", versionStartIncluding: "1.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "6813A54F-6259-40AA-BBF5-90DB0480813D", versionEndExcluding: "1.5.1", versionStartIncluding: "1.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1..", }, { lang: "es", value: "HashiCorp Vault y Vault Enterprise versiones 0.7.1 y posteriores, cuando son configuradas con el método de autenticación AWS IAM, pueden ser vulnerables a una omisión de autenticación. Corregido en 1.2.5, 1.3.8, 1.4.4 y 1.5.1..", }, ], id: "CVE-2020-16250", lastModified: "2024-11-21T05:07:01.520", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-08-26T15:15:12.850", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151", }, { source: "cve@mitre.org", tags: [ "Product", "Vendor Advisory", ], url: "https://www.hashicorp.com/blog/category/vault/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", "Vendor Advisory", ], url: "https://www.hashicorp.com/blog/category/vault/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-290", }, { lang: "en", value: "CWE-345", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-08 22:15
Modified
2025-02-13 18:16
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.
Fixed in Vault 1.15.4, 1.14.8, 1.13.12.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*", matchCriteriaId: "279420C4-177B-42B2-A4D9-6E9EDA3F1D0E", versionEndIncluding: "1.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "B0DB3723-28B2-48CB-9027-9A3AE4C650BD", versionEndIncluding: "1.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*", matchCriteriaId: "DCBF4C08-0C81-46C1-B9C6-843E07C78E34", versionEndExcluding: "1.13.12", versionStartIncluding: "1.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "F1B50279-B5C2-442A-AA6B-55DDD19ED8F5", versionEndExcluding: "1.13.12", versionStartIncluding: "1.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*", matchCriteriaId: "885CF0FC-A707-4E8F-BCA8-45BC83FC06EE", versionEndExcluding: "1.14.8", versionStartIncluding: "1.14.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "D1BCB828-CA09-433F-96C3-4653B565DF1F", versionEndExcluding: "1.14.8", versionStartIncluding: "1.14.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*", matchCriteriaId: "89F657D5-0195-4A10-80B3-C12ACFFA5B0E", versionEndExcluding: "1.15.4", versionStartIncluding: "1.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "CB94C54C-E891-47FD-8695-DFE0652F0E30", versionEndExcluding: "1.15.4", versionStartIncluding: "1.15.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.\n\nFixed in Vault 1.15.4, 1.14.8, 1.13.12.", }, { lang: "es", value: "HashiCorp Vault y Vault Enterprise 1.12.0 y versiones posteriores son vulnerables a una denegación de servicio debido al agotamiento de la memoria del host cuando se manejan grandes solicitudes HTTP autenticadas y no autenticadas de un cliente. Vault intentará asignar la solicitud a la memoria, lo que provocará que se agote la memoria disponible en el host, lo que puede provocar que Vault falle. Corregido en Vault 1.15.4, 1.14.8, 1.13.12.", }, ], id: "CVE-2023-6337", lastModified: "2025-02-13T18:16:08.143", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security@hashicorp.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-08T22:15:07.713", references: [ { source: "security@hashicorp.com", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741", }, { source: "security@hashicorp.com", url: "https://security.netapp.com/advisory/ntap-20240112-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240112-0006/", }, ], sourceIdentifier: "security@hashicorp.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-770", }, ], source: "security@hashicorp.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-770", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-10 19:15
Modified
2024-11-21 05:00
Severity ?
Summary
HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020 | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.hashicorp.com/blog/category/vault/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.hashicorp.com/blog/category/vault/ | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "AFE1B675-B382-4D1E-BC7B-485C14FE8A44", versionEndExcluding: "1.3.6", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "6F97F1E0-06E3-4793-B71F-B0C24D1C674A", versionEndExcluding: "1.4.2", versionStartIncluding: "1.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "1CD6F1BC-31A4-4642-8982-EBD5B380A603", versionEndExcluding: "1.3.6", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "FA54C14C-F7C4-4F67-8296-A51845AB63D8", versionEndExcluding: "1.4.2", versionStartIncluding: "1.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2.", }, { lang: "es", value: "HashiCorp Vault y Vault Enterprise registraron variables de entorno proxy que incluían potencialmente credenciales sensibles. Fijado en las versiones 1.3.6 y 1.4.2", }, ], id: "CVE-2020-13223", lastModified: "2024-11-21T05:00:49.900", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-10T19:15:09.727", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.hashicorp.com/blog/category/vault/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.hashicorp.com/blog/category/vault/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-532", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-30 01:15
Modified
2024-11-21 07:37
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command.
This issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "2C565DBD-95F4-4951-A029-93ABE5315740", versionEndExcluding: "1.11.9", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "80EB9F32-09A4-469C-AF76-1AE3137EAC1B", versionEndExcluding: "1.11.9", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "446F872F-F64C-44CA-85BC-144FCFBCFA8B", versionEndExcluding: "1.12.5", versionStartIncluding: "1.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "71A02FE6-C8D4-455D-A71A-C8353E1ECB7C", versionEndExcluding: "1.12.5", versionStartIncluding: "1.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "81280166-3DF7-4867-95E9-A7AFB9A12CE7", versionEndExcluding: "1.13.1", versionStartIncluding: "1.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "C56E203C-1E18-4395-B500-B6EA695B16C0", versionEndExcluding: "1.13.1", versionStartIncluding: "1.13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command.\n\nThis issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9.", }, ], id: "CVE-2023-0620", lastModified: "2024-11-21T07:37:29.983", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 5.9, source: "security@hashicorp.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-30T01:15:07.380", references: [ { source: "security@hashicorp.com", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-12-vault-s-microsoft-sql-database-storage-backend-vulnerable-to-sql-injection-via-configuration-file/52080/1", }, { source: "security@hashicorp.com", url: "https://security.netapp.com/advisory/ntap-20230526-0008/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-12-vault-s-microsoft-sql-database-storage-backend-vulnerable-to-sql-injection-via-configuration-file/52080/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20230526-0008/", }, ], sourceIdentifier: "security@hashicorp.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "security@hashicorp.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-10 21:15
Modified
2024-10-18 20:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "7C3A4160-F4D5-4447-B637-ADB46ECA6191", versionEndIncluding: "1.17.7", versionStartIncluding: "1.7.7", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "B1A3560F-6E15-4CB4-AD63-019E7C499369", versionEndExcluding: "1.18.0", versionStartIncluding: "1.7.7", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "6A11834C-76C4-4D8A-8493-D2331334B823", versionEndExcluding: "1.15.16", versionStartIncluding: "1.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "137EE5AE-4532-40C5-AAFD-45BC897A216C", versionEndExcluding: "1.16.11", versionStartIncluding: "1.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.", }, { lang: "es", value: "Un operador de Vault privilegiado con permisos de escritura en el endpoint de identidad del espacio de nombres raíz podría escalar sus privilegios a la política raíz de Vault. Corregido en Vault Community Edition 1.18.0 y Vault Enterprise 1.18.0, 1.17.7, 1.16.11 y 1.15.16.", }, ], id: "CVE-2024-9180", lastModified: "2024-10-18T20:15:03.393", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "security@hashicorp.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-10-10T21:15:05.010", references: [ { source: "security@hashicorp.com", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2024-21-vault-operators-in-root-namespace-may-elevate-their-privileges/70565", }, ], sourceIdentifier: "security@hashicorp.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-266", }, ], source: "security@hashicorp.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-02 05:15
Modified
2024-09-04 14:37
Severity ?
6.2 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "42D075A3-0E7A-4EC6-96AF-55CD4B5E0722", versionEndExcluding: "1.16.9", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "7249EEB1-D26D-4924-A69A-17C63F7B0693", versionEndExcluding: "1.17.5", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "61BDF0C9-6DA7-496D-8181-6EDF20271239", versionEndExcluding: "1.17.5", versionStartIncluding: "1.17.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9.", }, { lang: "es", value: "Vault Community Edition y Vault Enterprise experimentaron una regresión en la que se eliminó la funcionalidad que codificaba mediante HMAC los encabezados confidenciales en el dispositivo de auditoría configurado, específicamente los tokens de cliente y los descriptores de acceso de token. Esto provocó que los valores de texto sin formato de los tokens de cliente y los descriptores de acceso de token se almacenaran en el registro de auditoría. Esta vulnerabilidad, CVE-2024-8365, se solucionó en Vault Community Edition y Vault Enterprise 1.17.5 y Vault Enterprise 1.16.9.", }, ], id: "CVE-2024-8365", lastModified: "2024-09-04T14:37:03.543", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 4, source: "security@hashicorp.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-09-02T05:15:17.823", references: [ { source: "security@hashicorp.com", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2024-18-vault-leaks-client-token-and-token-accessor-in-audit-devices/", }, ], sourceIdentifier: "security@hashicorp.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-532", }, ], source: "security@hashicorp.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-532", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-10-11 03:15
Modified
2024-11-21 06:27
Severity ?
Summary
HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "A969F70A-A0A5-4F1E-9B59-554F034FA785", versionEndIncluding: "1.8.4", versionStartIncluding: "1.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "E61B9141-843A-4039-9B4F-4A3443C9023C", versionEndIncluding: "1.8.4", versionStartIncluding: "1.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials.", }, { lang: "es", value: "HashiCorp Vault y Vault Enterprise versiones 1.8.x a 1.8.4, pueden tener una interacción inesperada entre las políticas relacionadas con glob y el motor de secretos de Google Cloud. Los usuarios pueden, en algunas situaciones, tener más privilegios de los previstos, por ejemplo, un usuario con permiso de lectura para la ruta /gcp/roleset/* puede ser capaz de emitir credenciales de cuentas de servicio de Google Cloud", }, ], id: "CVE-2021-42135", lastModified: "2024-11-21T06:27:20.020", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4.9, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-10-11T03:15:06.760", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-28-vaults-google-cloud-secrets-engine-policies-with-globs-may-provide-additional-privileges-in-vault-1-8-0-onwards/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-28-vaults-google-cloud-secrets-engine-policies-with-globs-may-provide-additional-privileges-in-vault-1-8-0-onwards/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-11 00:15
Modified
2024-11-21 07:48
Severity ?
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "9F8302EA-93E3-4181-8616-04598ED0C598", versionEndExcluding: "1.10.11", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "7C538086-CAAD-4E99-A250-2B51F7D4FA70", versionEndExcluding: "1.10.11", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "6B9B93DD-17A5-4230-AD7D-C1D96046A73D", versionEndExcluding: "1.11.8", versionStartIncluding: "1.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "FC94042C-B42F-4F60-92E7-5ECF0F0ABFD9", versionEndExcluding: "1.11.8", versionStartIncluding: "1.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "90C9579E-35EE-4DCE-96F6-DF64B52BBDE6", versionEndExcluding: "1.12.4", versionStartIncluding: "1.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "DE915EDC-95E7-4D29-AA3E-7D41108275F4", versionEndExcluding: "1.12.4", versionStartIncluding: "1.12.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.", }, ], id: "CVE-2023-24999", lastModified: "2024-11-21T07:48:54.297", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 3.6, source: "security@hashicorp.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-11T00:15:09.410", references: [ { source: "security@hashicorp.com", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305", }, { source: "security@hashicorp.com", url: "https://security.netapp.com/advisory/ntap-20230505-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20230505-0001/", }, ], sourceIdentifier: "security@hashicorp.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-863", }, ], source: "security@hashicorp.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-30 20:15
Modified
2024-11-21 05:18
Severity ?
Summary
HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Fixed in 1.4.7 and 1.5.4.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154 | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://www.hashicorp.com/blog/category/vault | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.hashicorp.com/blog/category/vault | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "D35AD78C-3A03-4ED6-B3FC-F7877CCE4BFC", versionEndExcluding: "1.4.7", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "9D444A1F-E4AA-4FE9-B93E-69AF6CF06ADA", versionEndExcluding: "1.4.7", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "6361AB01-4220-49D4-AE15-C241C5A40062", versionEndExcluding: "1.5.4", versionStartIncluding: "1.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "CE727141-3FC5-4B00-A7D9-BDADE069823C", versionEndExcluding: "1.5.4", versionStartIncluding: "1.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Fixed in 1.4.7 and 1.5.4.", }, { lang: "es", value: "Las versiones 1.0 y posteriores de HashiCorp Vault y Vault Enterprise permitían que los contratos de arrendamiento creados con un testigo de lote sobrevivieran a su TTL porque el tiempo de caducidad no estaba programado correctamente. Corregido en las versiones 1.4.7 y 1.5.4", }, ], id: "CVE-2020-25816", lastModified: "2024-11-21T05:18:49.910", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4.9, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-30T20:15:15.653", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.hashicorp.com/blog/category/vault", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.hashicorp.com/blog/category/vault", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-22 17:15
Modified
2024-11-21 05:57
Severity ?
Summary
HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "27B3B966-91DB-43C2-BBDF-89B8B7705A5A", versionEndExcluding: "1.6.4", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "497EEAD2-3830-42CC-928A-3EAFC2CBE890", versionEndExcluding: "1.6.4", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "AD8B7C18-6F3A-4609-99FC-AEA2C3DA8A63", versionEndExcluding: "1.7.1", versionStartIncluding: "1.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "E8392A7C-4F72-4B67-BE17-A8DE721EA92E", versionEndExcluding: "1.7.1", versionStartIncluding: "1.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1", }, { lang: "es", value: "Las integraciones de HashiCorp Vault y Vault Enterprise Cassandra (backend de almacenamiento y plugin del motor de secretos de la base de datos) no comprobaban los certificados TLS al conectarse a los clústeres de Cassandra. Corregido en 1.6.4 y 1.7.1", }, ], id: "CVE-2021-27400", lastModified: "2024-11-21T05:57:55.137", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-04-22T17:15:07.723", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-10-vault-s-cassandra-integrations-did-not-validate-tls-certificates/23463", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-10-vault-s-cassandra-integrations-did-not-validate-tls-certificates/23463", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-11-09 21:15
Modified
2024-11-21 08:42
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "8265AC92-59E4-4229-87E8-ABAF9E3DAAF3", versionEndExcluding: "1.13.10", versionStartIncluding: "1.13.7", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "9FD3EF12-C2C0-4529-B0AB-08B8F238531D", versionEndExcluding: "1.13.10", versionStartIncluding: "1.13.7", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "38120A49-ED14-4C8C-9A0A-BA040D48C4E7", versionEndExcluding: "1.14.6", versionStartIncluding: "1.14.3", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "ABC1488F-D1BA-4C98-98E0-DAFE9BE205A1", versionEndExcluding: "1.14.6", versionStartIncluding: "1.14.3", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "1C9C9A12-4062-4968-BE87-1B07A789A7D3", versionEndExcluding: "1.15.2", versionStartIncluding: "1.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "2D3F2482-2783-49B2-888B-AC99FEE976EA", versionEndExcluding: "1.15.2", versionStartIncluding: "1.15.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.", }, { lang: "es", value: "Las solicitudes de clientes entrantes de HashiCorp Vault y Vault Enterprise que activan una verificación de políticas pueden provocar un consumo ilimitado de memoria. Un gran número de estas solicitudes pueden dar lugar a una denegación de servicio. Corregido en Vault 1.15.2, 1.14.6 y 1.13.10.", }, ], id: "CVE-2023-5954", lastModified: "2024-11-21T08:42:51.270", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "security@hashicorp.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-11-09T21:15:25.143", references: [ { source: "security@hashicorp.com", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-33-vault-requests-triggering-policy-checks-may-lead-to-unbounded-memory-consumption/59926", }, { source: "security@hashicorp.com", url: "https://security.netapp.com/advisory/ntap-20231227-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-33-vault-requests-triggering-policy-checks-may-lead-to-unbounded-memory-consumption/59926", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20231227-0001/", }, ], sourceIdentifier: "security@hashicorp.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "security@hashicorp.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-30 15:15
Modified
2024-11-21 06:30
Severity ?
Summary
HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "5A7212FD-695F-4F55-93D2-AD6F55D1B80B", versionEndIncluding: "1.7.5", versionStartIncluding: "0.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0F3712FE-1CE9-4FFA-98DC-CA9A3C5B1038", versionEndIncluding: "1.7.5", versionStartIncluding: "0.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:1.8.4:*:*:*:-:*:*:*", matchCriteriaId: "A7D561AF-7DCD-4541-8A63-DCEEDBE8A0C0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:1.8.4:*:*:*:enterprise:*:*:*", matchCriteriaId: "A0D7039E-338E-4F53-A578-7CDBD11F93D8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.", }, { lang: "es", value: "Las políticas ACL templadas de HashiCorp Vault y Vault Enterprise 0.11.0 versiones hasta 1.7.5 y 1.8.4 siempre coincidían con el primer alias de entidad creado si presentaban varios alias de entidad para una combinación especificada de entidad y montaje, resultando potencialmente en una aplicación incorrecta de la política. Corregido en Vault y Vault Enterprise versiones 1.7.6, 1.8.5 y 1.9.0", }, ], id: "CVE-2021-43998", lastModified: "2024-11-21T06:30:10.607", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-30T15:15:07.360", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202207-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-29 00:15
Modified
2024-11-21 08:18
Severity ?
4.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "648748AE-3BBB-4918-AF7A-5261B36B851E", versionEndExcluding: "1.13.8", versionStartIncluding: "0.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "6950375D-91C1-46D3-8554-22D710C6FC8E", versionEndExcluding: "1.14.4", versionStartIncluding: "1.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8.", }, { lang: "es", value: "Vault Enterprise Sentinel Role Governing Policy creada por un operador para restringir el acceso a los recursos en un espacio de nombres se puede aplicar a solicitudes externas en otro espacio de nombres no descendiente, lo que podría provocar una denegación de servicio. Corregido en Vault Enterprise 1.15.0, 1.14.4, 1.13.8.", }, ], id: "CVE-2023-3775", lastModified: "2024-11-21T08:18:02.273", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 0.5, impactScore: 3.6, source: "security@hashicorp.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-29T00:15:12.543", references: [ { source: "security@hashicorp.com", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-29-vault-enterprise-s-sentinel-rgp-policies-allowed-for-cross-namespace-denial-of-service/58653", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-29-vault-enterprise-s-sentinel-rgp-policies-allowed-for-cross-namespace-denial-of-service/58653", }, ], sourceIdentifier: "security@hashicorp.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-266", }, ], source: "security@hashicorp.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-01 16:15
Modified
2024-11-21 05:18
Severity ?
Summary
HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "32DD844D-4C10-450D-9017-D5870DF07738", versionEndExcluding: "1.5.7", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "11FF3556-E92E-423B-86E5-175BD43F9192", versionEndExcluding: "1.5.7", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "6FA59962-1063-4AA3-8B24-C8C6FD2C7341", versionEndExcluding: "1.6.2", versionStartIncluding: "1.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "4F85653B-E5DE-4654-A520-1573CD4F46DF", versionEndExcluding: "1.6.2", versionStartIncluding: "1.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.", }, { lang: "es", value: "HashiCorp Vault y Vault Enterprise permitieron la enumeración de rutas de montaje de Secrets Engine por medio de peticiones HTTP no autenticadas. Corregido en las versiones 1.6.2 y 1.5.7", }, ], id: "CVE-2020-25594", lastModified: "2024-11-21T05:18:11.117", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-02-01T16:15:12.607", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202207-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-06-03 11:15
Modified
2024-11-21 06:07
Severity ?
Summary
HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "14A9B0B2-7CB2-4C58-A533-C8B8A384B9E7", versionEndExcluding: "1.5.9", versionStartIncluding: "0.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A1393FB-B347-43B0-B385-778DB91EE17D", versionEndExcluding: "1.5.9", versionStartIncluding: "0.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "982EA447-6427-441A-969C-F15CA795CB2E", versionEndExcluding: "1.6.5", versionStartIncluding: "1.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "3AD3802D-3031-4639-B4F6-ECB64F776333", versionEndExcluding: "1.6.5", versionStartIncluding: "1.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "B0BC9967-86A5-47F4-86A5-35B32A677BA6", versionEndExcluding: "1.7.2", versionStartIncluding: "1.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "E6D1D690-7B01-483A-AF34-F26AAE923A43", versionEndExcluding: "1.7.2", versionStartIncluding: "1.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2.", }, { lang: "es", value: "HashiCorp Vault y Vault Enterprise permitían la renovación de los contratos de alquiler de tokens casi caducados y de los contratos de alquiler de secretos dinámicos (concretamente, los que estaban a menos de 1 segundo de su TTL máximo), lo que causó que sean incorrectamente tratados como no caducados durante su uso posterior. Corregido en versiones 1.5.9, 1.6.5 y 1.7.2", }, ], id: "CVE-2021-32923", lastModified: "2024-11-21T06:07:56.010", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-06-03T11:15:08.737", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-15-vault-renewed-nearly-expired-leases-with-incorrect-non-expiring-ttls/24603", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202207-01", }, { source: "cve@mitre.org", tags: [ "Product", "Vendor Advisory", ], url: "https://www.hashicorp.com/blog/category/vault/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-15-vault-renewed-nearly-expired-leases-with-incorrect-non-expiring-ttls/24603", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202207-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", "Vendor Advisory", ], url: "https://www.hashicorp.com/blog/category/vault/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-613", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-03-10 17:47
Modified
2024-11-21 06:51
Severity ?
Summary
"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "7256A02C-3F6E-43A6-9D9C-8714434DDA1B", versionEndExcluding: "1.8.9", versionStartIncluding: "1.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0B587CFF-3ADF-4401-87BA-3D1C2D4EBFCA", versionEndExcluding: "1.8.9", versionStartIncluding: "1.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "995C47FF-0CE7-4438-85D5-325F715B0BAA", versionEndExcluding: "1.9.4", versionStartIncluding: "1.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "EED439A5-987B-4223-8505-48BFF3728B5D", versionEndExcluding: "1.9.4", versionStartIncluding: "1.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "\"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4.", }, { lang: "es", value: "Vault y Vault Enterprise versiones 1.8.0 a 1.8.8, y 1.9.3, permitían que el motor de secretos PKI, bajo determinadas configuraciones, emitiera certificados comodín a usuarios autorizados para un dominio especificado, incluso si el atributo de la política de rol PKI allow_subdomains está establecido en falso. Corregido en Vault Enterprise versiones 1.8.9 y 1.9.4", }, ], id: "CVE-2022-25243", lastModified: "2024-11-21T06:51:51.990", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-03-10T17:47:06.927", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com", }, { source: "cve@mitre.org", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2022-09-vault-pki-secrets-engine-policy-results-in-incorrect-wildcard-certificate-issuance/36600", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202207-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2022-09-vault-pki-secrets-engine-policy-results-in-incorrect-wildcard-certificate-issuance/36600", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-22 17:15
Modified
2024-11-21 06:01
Severity ?
Summary
HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "3E8C2B56-E342-46D5-8D79-37DD75D6D811", versionEndExcluding: "1.5.8", versionStartIncluding: "1.5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "08ED6BDB-15A0-458E-B3D1-4B69592CAC7C", versionEndExcluding: "1.5.8", versionStartIncluding: "1.5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "F0038DAE-0651-4FB2-87F6-D3116B6E25B3", versionEndExcluding: "1.6.4", versionStartIncluding: "1.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "F5117009-915A-4869-A1F5-3BBA59D9E7E7", versionEndExcluding: "1.6.4", versionStartIncluding: "1.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "AD8B7C18-6F3A-4609-99FC-AEA2C3DA8A63", versionEndExcluding: "1.7.1", versionStartIncluding: "1.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "E8392A7C-4F72-4B67-BE17-A8DE721EA92E", versionEndExcluding: "1.7.1", versionStartIncluding: "1.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1.", }, { lang: "es", value: "HashiCorp Vault y Vault Enterprise versiones 1.5.1 y posteriores, bajo determinadas circunstancias, pueden excluir certificados revocados pero no vencidos de la CRL. Corregido en versiones 1.5.8, 1.6.4 y 1.7.1", }, ], id: "CVE-2021-29653", lastModified: "2024-11-21T06:01:34.957", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-04-22T17:15:07.753", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-09-vault-s-pki-engine-crl-may-exclude-revoked-but-unexpired-certificates-after-tidy/23461/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-09-vault-s-pki-engine-crl-may-exclude-revoked-but-unexpired-certificates-after-tidy/23461/2", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-12 21:15
Modified
2024-11-21 07:23
Severity ?
Summary
HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "A83AB9F6-6662-440E-81EB-3C62B75C5BB8", versionEndExcluding: "1.9.10", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "8D2BFA44-9C1C-47E9-9A45-60AB128E17BF", versionEndExcluding: "1.9.10", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "1D91D270-5EFB-45A6-ACEF-DDCEFDCCFEC9", versionEndExcluding: "1.10.7", versionStartIncluding: "1.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "3CFBD5A4-3C11-4980-A007-912156790844", versionEndExcluding: "1.10.7", versionStartIncluding: "1.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "45D5EC99-1403-4ACB-BD8D-A7D1ED6D31D9", versionEndExcluding: "1.11.4", versionStartIncluding: "1.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "225236BD-A091-472C-9CCD-FCD7753A4E0D", versionEndExcluding: "1.11.4", versionStartIncluding: "1.11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.", }, { lang: "es", value: "El método de autenticación de certificados TLS de HashiCorp Vault y Vault Enterprise no cargaba inicialmente la CRL configurada opcionalmente y emitida por la CA del rol en la memoria al iniciarse, resultando en que no se comprobara la lista de revocación si la CRL aún no era recuperada. Corregido en versiones 1.12.0, 1.11.4, 1.10.7 y 1.9.10", }, ], id: "CVE-2022-41316", lastModified: "2024-11-21T07:23:01.917", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-12T21:15:09.857", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2022-24-vaults-tls-cert-auth-method-only-loaded-crl-after-first-request/45483", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221201-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2022-24-vaults-tls-cert-auth-method-only-loaded-crl-after-first-request/45483", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221201-0001/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-10 19:15
Modified
2024-11-21 05:00
Severity ?
Summary
HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. This may lead to generated GCP credentials being valid for longer than intended. Fixed in 1.4.2.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020 | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.hashicorp.com/blog/category/vault/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.hashicorp.com/blog/category/vault/ | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "FA54C14C-F7C4-4F67-8296-A51845AB63D8", versionEndExcluding: "1.4.2", versionStartIncluding: "1.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "6F97F1E0-06E3-4793-B71F-B0C24D1C674A", versionEndExcluding: "1.4.2", versionStartIncluding: "1.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. This may lead to generated GCP credentials being valid for longer than intended. Fixed in 1.4.2.", }, { lang: "es", value: "HashiCorp Vault y Vault Enterprise versión 1.4.0 y versión 1.4.1, cuando se configuran con el Motor de Secretos GCP, pueden generar incorrectamente Credenciales GCP con la duración de alquiler predeterminada en lugar de la configuración del motor. Esto puede llevar a que las credenciales de BPC generadas sean válidas durante más tiempo del previsto. Corregido en la versión 1.4.2", }, ], id: "CVE-2020-12757", lastModified: "2024-11-21T05:00:13.213", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-10T19:15:09.647", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.hashicorp.com/blog/category/vault/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.hashicorp.com/blog/category/vault/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-01 16:15
Modified
2024-11-21 06:20
Severity ?
Summary
HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "32DD844D-4C10-450D-9017-D5870DF07738", versionEndExcluding: "1.5.7", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "11FF3556-E92E-423B-86E5-175BD43F9192", versionEndExcluding: "1.5.7", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "6FA59962-1063-4AA3-8B24-C8C6FD2C7341", versionEndExcluding: "1.6.2", versionStartIncluding: "1.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "4F85653B-E5DE-4654-A520-1573CD4F46DF", versionEndExcluding: "1.6.2", versionStartIncluding: "1.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.", }, { lang: "es", value: "HashiCorp Vault y Vault Enterprise revelaron la dirección IP interna del nodo de Vault al responder a algunas peticiones HTTP no válidas y no autenticadas. Corregido en las versiones 1.6.2 y 1.5.7", }, ], id: "CVE-2021-3024", lastModified: "2024-11-21T06:20:46.583", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-02-01T16:15:13.217", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-02-vault-api-endpoint-exposed-internal-ip-address-without-authentication/20334", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202207-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-02-vault-api-endpoint-exposed-internal-ip-address-without-authentication/20334", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-12-05 09:29
Modified
2024-11-21 03:58
Severity ?
Summary
HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018 | Release Notes, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*", matchCriteriaId: "83DCD820-25B5-4395-9742-E198FD32A763", versionEndExcluding: "1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported.", }, { lang: "es", value: "HashiCorp Vault en versiones anteriores a la 1.0.0 escribe la clave maestra en el registro del servidor en ciertos escenarios inusuales o mal configurados, en los cuales los datos incorrectos provienen del mecanismo de autosellado sin que se reporte un error.", }, ], id: "CVE-2018-19786", lastModified: "2024-11-21T03:58:33.150", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-12-05T09:29:00.257", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-532", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-23 13:15
Modified
2024-11-21 04:55
Severity ?
Summary
HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "11BD6F5D-C0B7-4355-B4F3-E24A7D69D41D", versionEndIncluding: "1.3.3", versionStartIncluding: "0.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "5A05972B-DC6F-4846-B2C1-D226F303874B", versionEndIncluding: "1.3.3", versionStartIncluding: "0.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4.", }, { lang: "es", value: "HashiCorp Vault y Vault Enterprise versiones 0.9.0 hasta 1.3.3, pueden bajo determinadas circunstancias, presentar una membresía Entity's Group que inadvertidamente incluye Grupos a los que la Entidad ya no tiene permiso. Corregido en 1.3.4.", }, ], id: "CVE-2020-10660", lastModified: "2024-11-21T04:55:47.377", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-23T13:15:13.127", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.hashicorp.com/blog/category/vault/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.hashicorp.com/blog/category/vault/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-276", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-09 17:15
Modified
2024-11-21 07:57
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "9A558837-B608-49F9-848A-8C346FC49976", versionEndExcluding: "1.11.11", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0035DEF4-A8BD-4C1E-A97E-780B43A78004", versionEndExcluding: "1.11.11", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "429152A2-A76E-43F9-B172-D571E031131C", versionEndExcluding: "1.12.7", versionStartIncluding: "1.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "112FE0EC-825F-495C-96D0-4F8D2D86285B", versionEndExcluding: "1.12.7", versionStartIncluding: "1.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "B38C690C-88AF-40ED-A3B7-C9C571198529", versionEndExcluding: "1.13.3", versionStartIncluding: "1.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "E4A2970F-D07A-4847-BDFE-8C57BCBF0C62", versionEndExcluding: "1.13.3", versionStartIncluding: "1.13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.", }, ], id: "CVE-2023-2121", lastModified: "2024-11-21T07:57:58.620", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "security@hashicorp.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-06-09T17:15:09.467", references: [ { source: "security@hashicorp.com", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-17-vault-s-kv-diff-viewer-allowed-html-injection/54814", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-17-vault-s-kv-diff-viewer-allowed-html-injection/54814", }, ], sourceIdentifier: "security@hashicorp.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@hashicorp.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-31 23:15
Modified
2024-11-21 08:17
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "DF8B4175-8E60-4169-9D10-FE924EB1516C", versionEndExcluding: "1.13.5", versionStartIncluding: "1.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "EBC19EB3-A5B0-4165-BB49-763953AC2369", versionEndExcluding: "1.13.5", versionStartIncluding: "1.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:1.14.0:*:*:*:-:*:*:*", matchCriteriaId: "3DFB14EC-487C-454C-A712-10085D897748", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:1.14.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "DB12634A-9B34-44C0-AC11-11120295E3F2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.", }, ], id: "CVE-2023-3462", lastModified: "2024-11-21T08:17:19.147", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security@hashicorp.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-31T23:15:10.360", references: [ { source: "security@hashicorp.com", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714", }, ], sourceIdentifier: "security@hashicorp.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-203", }, ], source: "security@hashicorp.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-10-08 17:15
Modified
2024-11-21 06:26
Severity ?
2.9 (Low) - CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "F2364D80-5C09-4C00-A6A0-D0A6F472A89F", versionEndExcluding: "1.7.5", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "6AACA6FE-8D99-4123-A5F8-FF54411E428A", versionEndExcluding: "1.7.5", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "BE022CF4-2E6E-44C8-BBEF-DA15F280FE31", versionEndExcluding: "1.8.4", versionStartIncluding: "1.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "05A41093-704E-45F3-AEB2-435AA30FA377", versionEndExcluding: "1.8.4", versionStartIncluding: "1.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.", }, { lang: "es", value: "HashiCorp Vault y Vault Enterprise versiones hasta 1.7.4 y 1.8.3, permitían que un usuario con permiso de escritura en un ID de alias de entidad que compartía un accesorio de montaje con otro usuario adquiriera las políticas de este otro usuario al fusionar sus identidades. Corregido en Vault y Vault Enterprise versiones 1.7.5 y 1.8.4", }, ], id: "CVE-2021-41802", lastModified: "2024-11-21T06:26:47.460", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 2.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 1.4, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-10-08T17:15:07.853", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202207-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-29 00:15
Modified
2024-11-21 08:41
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "02EC9823-2E05-40AF-A186-D9344AC76FA5", versionEndExcluding: "1.13.0", versionStartIncluding: "0.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "EB660653-154B-4CD8-A7BA-8814C9536616", versionEndExcluding: "1.13.0", versionStartIncluding: "0.10.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Vault and Vault Enterprise (\"Vault\") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.", }, { lang: "es", value: "El engine de los secretos en Vault and Vault Enterprise (\"Vault\") Google Cloud no conservó la existencia de Google Cloud IAM Conditions al crear o actualizar conjuntos de roles. Corregido en Vault 1.13.0.", }, ], id: "CVE-2023-5077", lastModified: "2024-11-21T08:41:01.217", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 6, source: "security@hashicorp.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-29T00:15:12.693", references: [ { source: "security@hashicorp.com", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-30-vault-s-google-cloud-secrets-engine-removed-existing-iam-conditions-when-creating-updating-rolesets/58654", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-30-vault-s-google-cloud-secrets-engine-removed-existing-iam-conditions-when-creating-updating-rolesets/58654", }, ], sourceIdentifier: "security@hashicorp.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-266", }, ], source: "security@hashicorp.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-13 16:15
Modified
2024-11-21 06:17
Severity ?
Summary
HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", matchCriteriaId: "D84130CE-0F11-41C3-A9FD-AA6EE7CE16A6", versionEndExcluding: "1.8.0", versionStartIncluding: "1.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "5B7DA027-4842-4F24-94A0-B6EEE93D5745", versionEndExcluding: "1.8.0", versionStartIncluding: "1.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.", }, { lang: "es", value: "HashiCorp Vault y Vault Enterprise versiones 1.4.0 hasta 1.7.3, inicializaban un archivo de base de datos subyacente asociado con la funcionalidad Integrated Storage con permisos de sistema de archivos excesivamente amplios. Corregido en Vault y Vault Enterprise versión 1.8.0.", }, ], id: "CVE-2021-38553", lastModified: "2024-11-21T06:17:25.407", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-13T16:15:08.080", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202207-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202207-01", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-281", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-15 00:15
Modified
2024-11-21 08:35
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*", matchCriteriaId: "88214AA6-BE16-44D0-8BF3-961AA4F4912C", versionEndExcluding: "1.12.11", versionStartIncluding: "1.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "308AEF45-E549-4EA3-8028-3A95978BF44C", versionEndExcluding: "1.12.11", versionStartIncluding: "1.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*", matchCriteriaId: "1190B84C-4AE0-4353-A7B3-64B646E4BCA5", versionEndExcluding: "1.13.7", versionStartIncluding: "1.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "148E1E7C-5DB9-4261-BF3B-A54C8B5F43EA", versionEndExcluding: "1.13.7", versionStartIncluding: "1.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*", matchCriteriaId: "931AAAF6-4AB0-46EB-A03F-FF98A22867C2", versionEndExcluding: "1.14.3", versionStartIncluding: "1.14.0", vulnerable: true, }, { criteria: "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "778CBB0C-2739-4733-871A-9B053843FADC", versionEndExcluding: "1.14.3", versionStartIncluding: "1.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.", }, { lang: "es", value: "El motor de secretos de tránsito de HashiCorp Vault y Vault Enterprise permitió a los usuarios autorizados especificar nonces arbitrarios, incluso con el cifrado convergente deshabilitado. El endpoint de cifrado, en combinación con un ataque fuera de línea, podría usarse para descifrar texto cifrado arbitrario y potencialmente derivar la subclave de autenticación cuando se utiliza el motor de secretos de tránsito sin cifrado convergente. Introducido en 1.6.0 y corregido en 1.14.3, 1.13.7 y 1.12.11.", }, ], id: "CVE-2023-4680", lastModified: "2024-11-21T08:35:40.467", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.2, source: "security@hashicorp.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-15T00:15:07.967", references: [ { source: "security@hashicorp.com", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-28-vault-s-transit-secrets-engine-allowed-nonce-specified-without-convergent-encryption/58249", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-28-vault-s-transit-secrets-engine-allowed-nonce-specified-without-convergent-encryption/58249", }, ], sourceIdentifier: "security@hashicorp.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-323", }, ], source: "security@hashicorp.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }