Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
hashicorp

vault

36 Versions 19 CVEs

Versions

1.15.16

SEMANTIC 1 CVE

00.10.0

SEMANTIC 1 CVE

1.16.12

SEMANTIC 1 CVE

1.17.8

SEMANTIC 1 CVE

1.16.11

SEMANTIC 1 CVE

1.17.7

SEMANTIC 1 CVE

1.13.8

SEMANTIC 1 CVE

1.2.0

SEMANTIC 1 CVE

1.14.10

SEMANTIC 1 CVE

1.15.5

SEMANTIC 1 CVE

0.10.0

SEMANTIC 1 CVE

1.13.7

SEMANTIC 1 CVE

1.14.0

SEMANTIC 3 CVEs

1.12.0

SEMANTIC 7 CVEs

1.14.5

SEMANTIC 1 CVE

1.13.9

SEMANTIC 1 CVE

1.13.0

SEMANTIC 6 CVEs

1.6.0

SEMANTIC 1 CVE

1.15.9

SEMANTIC 1 CVE

1.7.7

SEMANTIC 1 CVE

1.13.4

SEMANTIC 1 CVE

0.10.4

SEMANTIC 1 CVE

1.13.2

SEMANTIC 1 CVE

1.15.1

SEMANTIC 1 CVE

1.14.4

SEMANTIC 1 CVE

1.15.4

SEMANTIC 1 CVE

1.17.3

SEMANTIC 1 CVE

1.14.3

SEMANTIC 1 CVE

1.14.8

SEMANTIC 1 CVE

1.10.0

SEMANTIC 2 CVEs

0

SINGLE_NUMBER 2 CVEs

0.11.0

SEMANTIC 1 CVE

1.15.0

SEMANTIC 2 CVEs

1.14.13

SEMANTIC 1 CVE

0.8.0

SEMANTIC 1 CVE

1.11.0

SEMANTIC 4 CVEs

Recent CVEs

CVE-2024-8185

Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the endpoint which may cause Vault to consume excessive system memory resources, potentially leading to a crash of the underlying system and the Vault process itself. This vulnerability, CVE-2024-8185, is fixed in Vault Community 1.18.1 and Vault Enterprise 1.18.1, 1.17.8, and 1.16.12.

HIGH Oct 31, 2024

CVE-2024-9180

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.

HIGH Oct 10, 2024

CVE-2024-7594

Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.

HIGH Sep 26, 2024

CVE-2024-8365

Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9.

MEDIUM Sep 02, 2024

CVE-2024-6468

Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in proxy_protocol_authorized_addrs, the Vault API server would shut down and no longer respond to any HTTP requests, potentially resulting in denial of service. While this bug also affected versions of Vault up to 1.17.1 and 1.16.5, a separate regression in those release series did not allow Vault operators to configure the deny_unauthorized option, thus not allowing the conditions for the denial of service to occur. Fixed in Vault and Vault Enterprise 1.17.2, 1.16.6, and 1.15.12.

HIGH Jul 11, 2024

CVE-2024-5798

Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have been rejected. This vulnerability, CVE-2024-5798, was fixed in Vault and Vault Enterprise 1.17.0, 1.16.3, and 1.15.9

LOW Jun 12, 2024

CVE-2024-2660

Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.

MEDIUM Apr 04, 2024

CVE-2023-4680

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.

MEDIUM Sep 14, 2023

CVE-2023-3462

HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.

MEDIUM Jul 31, 2023

CVE-2023-2121

Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.

MEDIUM Jun 09, 2023