Known Vulnerabilities for Vault by Hashicorp

Listed below are 10 of the newest known vulnerabilities associated with "Vault" by "Hashicorp".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2022-41316 HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL iss... Not Provided 2022-10-12 2022-10-12
CVE-2022-40186 An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was fou... Not Provided 2022-09-22 2022-11-14
CVE-2022-38149 HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose the contents of Vault secrets in the error returned by ... Not Provided 2022-08-17 2022-09-01
CVE-2022-36129 HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticate... Not Provided 2022-07-26 2022-09-01
CVE-2021-42135 HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and... 8.1 - HIGH 2021-10-11 2022-07-12
CVE-2021-41802 HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID shari... 5.4 - MEDIUM 2021-10-08 2022-09-08
CVE-2021-38554 HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single s... 5.3 - MEDIUM 2021-08-13 2022-09-08
CVE-2021-38553 HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrat... 4.4 - MEDIUM 2021-08-13 2022-10-25
CVE-2021-32923 HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifical... 7.4 - HIGH 2021-06-03 2022-10-25
CVE-2021-29653 HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certific... 7.5 - HIGH 2021-04-22 2021-04-29

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationHashicorpVault1.7.0rc1AllAll
ApplicationHashicorpVault1.7.0rc1AllAll
ApplicationHashicorpVault1.6.3AllAllAll
ApplicationHashicorpVault1.6.3AllAllAll
ApplicationHashicorpVault1.6.2AllAllAll
ApplicationHashicorpVault1.6.2AllAllAll
ApplicationHashicorpVault1.6.1AllAllAll
ApplicationHashicorpVault1.6.1AllAllAll
ApplicationHashicorpVault1.6.0AllAllAll
ApplicationHashicorpVault1.6.0AllAllAll
ApplicationHashicorpVault1.5.7AllAllAll
ApplicationHashicorpVault1.5.7AllAllAll
ApplicationHashicorpVault1.5.6AllAllAll
ApplicationHashicorpVault1.5.6AllAllAll
ApplicationHashicorpVault1.5.5AllAllAll
ApplicationHashicorpVault1.5.5AllAllAll
ApplicationHashicorpVault1.5.4AllAllAll
ApplicationHashicorpVault1.5.4AllAllAll
ApplicationHashicorpVault1.5.3AllAllAll
ApplicationHashicorpVault1.5.3AllAllAll

Popular searches for Vault

Vault by HashiCorp

www.vaultproject.io

Vault by HashiCorp Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault u s q handles leasing, key revocation, key rolling, auditing, and provides secrets as a service through a unified API.

HashiCorp Application programming interface Cloud computing Access control Key (cryptography) Public key certificate Password Computer network Application software Computer security Lexical analysis IP address Type system Encryption User (computing) Dynamic infrastructure Computing Application programming interface key User interface Command-line interface

hashicorp/vault

github.com/hashicorp/vault

hashicorp/vault A tool for secrets management, encryption as a service, and privileged access management - hashicorp

GitHub Encryption Software as a service Identity management Computer security Programming tool Secrecy Computer data storage Go (programming language) Acceptance testing Type system Software repository Source code Command-line interface Device file Xcode Amazon Web Services Microsoft Visual Studio Package manager Repository (version control)

© CVE.report 2022 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report