Known Vulnerabilities for Vault by Hashicorp
Listed below are 10 of the newest known vulnerabilities associated with "Vault" by "Hashicorp".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-42135 | HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and... | 8.1 - HIGH | 2021-10-11 | 2022-07-12 |
| CVE-2021-41802 | HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID shari... | 5.4 - MEDIUM | 2021-10-08 | 2022-09-08 |
| CVE-2021-38554 | HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single s... | 5.3 - MEDIUM | 2021-08-13 | 2022-09-08 |
| CVE-2021-38553 | HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrat... | 4.4 - MEDIUM | 2021-08-13 | 2022-10-25 |
| CVE-2021-32923 | HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifical... | 7.4 - HIGH | 2021-06-03 | 2022-10-25 |
| CVE-2021-29653 | HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certific... | 7.5 - HIGH | 2021-04-22 | 2021-04-29 |
| CVE-2021-27668 | HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authenticatio... | 5.3 - MEDIUM | 2021-08-31 | 2022-09-08 |
| CVE-2021-27400 | HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not vali... | 7.5 - HIGH | 2021-04-22 | 2021-04-27 |
| CVE-2021-3282 | HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondarie... | 7.5 - HIGH | 2021-02-01 | 2022-10-25 |
| CVE-2021-3024 | HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, una... | 5.3 - MEDIUM | 2021-02-01 | 2022-09-14 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Hashicorp | Vault | 1.7.0 | rc1 | All | All |
| Application | Hashicorp | Vault | 1.6.3 | All | All | All |
| Application | Hashicorp | Vault | 1.6.2 | All | All | All |
| Application | Hashicorp | Vault | 1.6.1 | All | All | All |
| Application | Hashicorp | Vault | 1.6.0 | All | All | All |
| Application | Hashicorp | Vault | 1.5.7 | All | All | All |
| Application | Hashicorp | Vault | 1.5.6 | All | All | All |
| Application | Hashicorp | Vault | 1.5.5 | All | All | All |
| Application | Hashicorp | Vault | 1.5.4 | All | All | All |
| Application | Hashicorp | Vault | 1.5.3 | All | All | All |