Filtered by vendor Hashicorp
Subscriptions
Filtered by product Vault
Subscriptions
Total
45 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35192 | 1 Hashicorp | 1 Vault | 2020-12-18 | 9.8 Critical |
| The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | ||||
| CVE-2020-12757 | 1 Hashicorp | 1 Vault | 2020-10-12 | 9.8 Critical |
| HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. This may lead to generated GCP credentials being valid for longer than intended. Fixed in 1.4.2. | ||||
| CVE-2020-10660 | 1 Hashicorp | 1 Vault | 2020-03-30 | 5.3 Medium |
| HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4. | ||||
| CVE-2020-10661 | 1 Hashicorp | 1 Vault | 2020-03-25 | 9.1 Critical |
| HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4. | ||||
| CVE-2018-19786 | 1 Hashicorp | 1 Vault | 2018-12-27 | N/A |
| HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported. | ||||