All the vulnerabilites related to HashiCorp - Vault
cve-2023-25000
Vulnerability from cvelistv5
Published
2023-03-30 00:17
Modified
2024-08-02 11:11
Severity ?
EPSS score ?
Summary
Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations
References
Impacted products
▼ | Vendor | Product |
---|---|---|
HashiCorp | Vault | |
HashiCorp | Vault Enterprise |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:11:43.500Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230526-0008/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit" ], "product": "Vault", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "lessThan": "1.13.1", "status": "affected", "version": "1.13.0", "versionType": "semver" }, { "lessThan": "1.12.5", "status": "affected", "version": "1.12.0", "versionType": "semver" }, { "lessThan": "1.11.9", "status": "affected", "version": "1.11.0", "versionType": "semver" }, { "lessThan": "1.11.0", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit" ], "product": "Vault Enterprise", "vendor": "HashiCorp", "versions": [ { "lessThan": "1.13.1", "status": "affected", "version": "1.13.0", "versionType": "semver" }, { "lessThan": "1.12.5", "status": "affected", "version": "1.12.0", "versionType": "semver" }, { "lessThan": "1.11.9", "status": "affected", "version": "1.11.0", "versionType": "semver" }, { "lessThan": "1.11.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Giuseppe Cocomazzi" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "HashiCorp Vault\u0027s implementation of Shamir\u0027s secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9." } ], "value": "HashiCorp Vault\u0027s implementation of Shamir\u0027s secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9." } ], "impacts": [ { "capecId": "CAPEC-204", "descriptions": [ { "lang": "en", "value": "CAPEC-204 Lifting Sensitive Data Embedded in Cache" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-208", "description": "CWE-208 Observable Timing Discrepancy", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-30T00:24:51.132Z", "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp" }, "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078" }, { "url": "https://security.netapp.com/advisory/ntap-20230526-0008/" } ], "source": { "advisory": "HCSEC-2023-10", "discovery": "EXTERNAL" }, "title": "Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations" } }, "cveMetadata": { "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "assignerShortName": "HashiCorp", "cveId": "CVE-2023-25000", "datePublished": "2023-03-30T00:17:46.230Z", "dateReserved": "2023-02-01T17:54:13.893Z", "dateUpdated": "2024-08-02T11:11:43.500Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3282
Vulnerability from cvelistv5
Published
2021-02-01 15:38
Modified
2024-08-03 16:53
Severity ?
EPSS score ?
Summary
HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.
References
▼ | URL | Tags |
---|---|---|
https://discuss.hashicorp.com/t/hcsec-2021-04-vault-enterprise-s-dr-secondaries-allowed-raft-peer-removal-without-authentication/20337 | x_refsource_MISC | |
https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:53:16.031Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-04-vault-enterprise-s-dr-secondaries-allowed-raft-peer-removal-without-authentication/20337" }, { "name": "GLSA-202207-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202207-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HashiCorp Vault Enterprise 1.6.0 \u0026 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-01T20:08:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-04-vault-enterprise-s-dr-secondaries-allowed-raft-peer-removal-without-authentication/20337" }, { "name": "GLSA-202207-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202207-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-3282", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HashiCorp Vault Enterprise 1.6.0 \u0026 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://discuss.hashicorp.com/t/hcsec-2021-04-vault-enterprise-s-dr-secondaries-allowed-raft-peer-removal-without-authentication/20337", "refsource": "MISC", "url": "https://discuss.hashicorp.com/t/hcsec-2021-04-vault-enterprise-s-dr-secondaries-allowed-raft-peer-removal-without-authentication/20337" }, { "name": "GLSA-202207-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202207-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-3282", "datePublished": "2021-02-01T15:38:48", "dateReserved": "2021-01-22T00:00:00", "dateUpdated": "2024-08-03T16:53:16.031Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0620
Vulnerability from cvelistv5
Published
2023-03-30 00:28
Modified
2024-08-02 05:17
Severity ?
EPSS score ?
Summary
Vault Vulnerable to SQL Injection When Configuring the Microsoft SQL Database Storage Backend
References
Impacted products
▼ | Vendor | Product |
---|---|---|
HashiCorp | Vault | |
HashiCorp | Vault Enterprise |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:17:50.188Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2023-12-vault-s-microsoft-sql-database-storage-backend-vulnerable-to-sql-injection-via-configuration-file/52080/1" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230526-0008/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit" ], "product": "Vault", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "lessThan": "1.13.1", "status": "affected", "version": "1.13.0", "versionType": "semver" }, { "lessThan": "1.12.5", "status": "affected", "version": "1.12.0", "versionType": "semver" }, { "lessThan": "1.11.9", "status": "affected", "version": "0.8.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows", "MacOS", "Android", "x86", "ARM", "64 bit", "32 bit" ], "product": "Vault Enterprise", "vendor": "HashiCorp", "versions": [ { "lessThan": "1.13.1", "status": "affected", "version": "1.13.0", "versionType": "semver" }, { "lessThan": "1.12.5", "status": "affected", "version": "1.12.0", "versionType": "semver" }, { "lessThan": "1.11.9", "status": "affected", "version": "0.8.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Yuval Ostrovsky, Gal Goldshtein, Daniel Abeles of Oxeye" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eHashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command.\u003c/p\u003eThis issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9." } ], "value": "HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command.\n\nThis issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9." } ], "impacts": [ { "capecId": "CAPEC-66", "descriptions": [ { "lang": "en", "value": "CAPEC-66 SQL Injection" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-30T18:41:52.858Z", "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp" }, "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2023-12-vault-s-microsoft-sql-database-storage-backend-vulnerable-to-sql-injection-via-configuration-file/52080/1" }, { "url": "https://security.netapp.com/advisory/ntap-20230526-0008/" } ], "source": { "advisory": "HCSEC-2023-12", "discovery": "EXTERNAL" }, "title": "Vault Vulnerable to SQL Injection When Configuring the Microsoft SQL Database Storage Backend" } }, "cveMetadata": { "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "assignerShortName": "HashiCorp", "cveId": "CVE-2023-0620", "datePublished": "2023-03-30T00:28:13.301Z", "dateReserved": "2023-02-01T21:59:23.556Z", "dateUpdated": "2024-08-02T05:17:50.188Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2197
Vulnerability from cvelistv5
Published
2023-05-01 19:41
Modified
2024-08-02 06:12
Severity ?
EPSS score ?
Summary
Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM
References
Impacted products
▼ | Vendor | Product |
---|---|---|
HashiCorp | Vault Enterprise |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:12:20.674Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2023-14-vault-enterprise-vulnerable-to-padding-oracle-attacks-when-using-a-cbc-based-encryption-mechanism-with-a-hsm/53322" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230609-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows", "Linux", "x86", "64 bit", "32 bit" ], "product": "Vault Enterprise", "vendor": "HashiCorp", "versions": [ { "lessThanOrEqual": "1.13.1", "status": "affected", "version": "1.13.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the\u0026nbsp;CKM_AES_CBC_PAD or\u0026nbsp;CKM_AES_CBC encryption mechanisms.\u0026nbsp;An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault\u2019s root key. Fixed in 1.13.2" } ], "value": "HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the\u00a0CKM_AES_CBC_PAD or\u00a0CKM_AES_CBC encryption mechanisms.\u00a0An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault\u2019s root key. Fixed in 1.13.2" } ], "impacts": [ { "capecId": "CAPEC-463", "descriptions": [ { "lang": "en", "value": "CAPEC-463 Padding Oracle Crypto Attack" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-326", "description": "CWE-326 Inadequate Encryption Strength", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-01T19:41:17.600Z", "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp" }, "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2023-14-vault-enterprise-vulnerable-to-padding-oracle-attacks-when-using-a-cbc-based-encryption-mechanism-with-a-hsm/53322" }, { "url": "https://security.netapp.com/advisory/ntap-20230609-0007/" } ], "source": { "discovery": "INTERNAL" }, "title": "Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM" } }, "cveMetadata": { "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "assignerShortName": "HashiCorp", "cveId": "CVE-2023-2197", "datePublished": "2023-05-01T19:41:17.600Z", "dateReserved": "2023-04-20T19:03:10.324Z", "dateUpdated": "2024-08-02T06:12:20.674Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2121
Vulnerability from cvelistv5
Published
2023-06-09 16:59
Modified
2024-08-02 06:12
Severity ?
EPSS score ?
Summary
Vault’s KV Diff Viewer Allowed for HTML Injection
References
Impacted products
▼ | Vendor | Product |
---|---|---|
HashiCorp | Vault | |
HashiCorp | Vault Enterprise |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:12:20.468Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2023-17-vault-s-kv-diff-viewer-allowed-html-injection/54814" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit" ], "product": "Vault", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "lessThan": "1.13.3", "status": "affected", "version": "1.13.0", "versionType": "semver" }, { "lessThan": "1.12.7", "status": "affected", "version": "1.12.0", "versionType": "semver" }, { "lessThan": "1.11.11", "status": "affected", "version": "1.11.0", "versionType": "semver" }, { "lessThan": "1.11.0", "status": "affected", "version": "1.10.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit" ], "product": "Vault Enterprise", "vendor": "HashiCorp", "versions": [ { "lessThan": "1.13.3", "status": "affected", "version": "1.13.0", "versionType": "semver" }, { "lessThan": "1.12.7", "status": "affected", "version": "1.12.0", "versionType": "semver" }, { "lessThan": "1.11.11", "status": "affected", "version": "1.11.0", "versionType": "semver" }, { "lessThan": "1.11.0", "status": "affected", "version": "1.10.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Vault and Vault Enterprise\u0027s (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11." } ], "value": "Vault and Vault Enterprise\u0027s (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-09T16:59:49.065Z", "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp" }, "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2023-17-vault-s-kv-diff-viewer-allowed-html-injection/54814" } ], "source": { "discovery": "EXTERNAL" }, "title": "Vault\u2019s KV Diff Viewer Allowed for HTML Injection" } }, "cveMetadata": { "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "assignerShortName": "HashiCorp", "cveId": "CVE-2023-2121", "datePublished": "2023-06-09T16:59:49.065Z", "dateReserved": "2023-04-17T14:51:51.916Z", "dateUpdated": "2024-08-02T06:12:20.468Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-5798
Vulnerability from cvelistv5
Published
2024-06-12 18:55
Modified
2024-08-01 21:25
Severity ?
EPSS score ?
Summary
Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
References
Impacted products
▼ | Vendor | Product |
---|---|---|
HashiCorp | Vault | |
HashiCorp | Vault Enterprise |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-5798", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T19:32:41.996739Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T19:32:53.402Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:25:02.659Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2024-11-vault-incorrectly-validated-json-web-tokens-jwt-audience-claims/67770" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux" ], "product": "Vault", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "changes": [ { "at": "1.15.9", "status": "unaffected" }, { "at": "1.14.13", "status": "unaffected" } ], "lessThan": "1.16.2", "status": "affected", "version": "0.11.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "platforms": [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux" ], "product": "Vault Enterprise", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "changes": [ { "at": "1.15.9", "status": "unaffected" }, { "at": "1.14.13", "status": "unaffected" } ], "lessThan": "1.16.2", "status": "affected", "version": "0.11.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eVault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have been rejected.\n\nThis vulnerability, CVE-2024-5798, was fixed in Vault and Vault Enterprise 1.17.0, 1.16.3, and 1.15.9\u003c/p\u003e\u003cbr/\u003e" } ], "value": "Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have been rejected.\n\nThis vulnerability, CVE-2024-5798, was fixed in Vault and Vault Enterprise 1.17.0, 1.16.3, and 1.15.9" } ], "impacts": [ { "capecId": "CAPEC-1", "descriptions": [ { "lang": "en", "value": "CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 2.6, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285: Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-12T18:55:24.788Z", "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp" }, "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2024-11-vault-incorrectly-validated-json-web-tokens-jwt-audience-claims/67770" } ], "source": { "advisory": "HCSEC-2024-HCSEC-2024-11", "discovery": "EXTERNAL" }, "title": "Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims" } }, "cveMetadata": { "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "assignerShortName": "HashiCorp", "cveId": "CVE-2024-5798", "datePublished": "2024-06-12T18:55:24.788Z", "dateReserved": "2024-06-10T15:46:30.387Z", "dateUpdated": "2024-08-01T21:25:02.659Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-27668
Vulnerability from cvelistv5
Published
2021-08-31 17:01
Modified
2024-08-03 21:26
Severity ?
EPSS score ?
Summary
HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3.
References
▼ | URL | Tags |
---|---|---|
https://discuss.hashicorp.com/t/hcsec-2021-05-vault-enterprise-s-dr-secondaries-exposed-license-metadata-without-authentication/21427 | x_refsource_MISC | |
https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:26:10.800Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-05-vault-enterprise-s-dr-secondaries-exposed-license-metadata-without-authentication/21427" }, { "name": "GLSA-202207-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202207-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-01T20:06:49", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-05-vault-enterprise-s-dr-secondaries-exposed-license-metadata-without-authentication/21427" }, { "name": "GLSA-202207-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202207-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-27668", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://discuss.hashicorp.com/t/hcsec-2021-05-vault-enterprise-s-dr-secondaries-exposed-license-metadata-without-authentication/21427", "refsource": "MISC", "url": "https://discuss.hashicorp.com/t/hcsec-2021-05-vault-enterprise-s-dr-secondaries-exposed-license-metadata-without-authentication/21427" }, { "name": "GLSA-202207-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202207-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-27668", "datePublished": "2021-08-31T17:01:43", "dateReserved": "2021-02-24T00:00:00", "dateUpdated": "2024-08-03T21:26:10.800Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-7594
Vulnerability from cvelistv5
Published
2024-09-26 19:52
Modified
2024-09-26 20:29
Severity ?
EPSS score ?
Summary
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
References
Impacted products
▼ | Vendor | Product |
---|---|---|
HashiCorp | Vault | |
HashiCorp | Vault Enterprise |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:hashicorp:vault_enterprise:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "vault_enterprise", "vendor": "hashicorp", "versions": [ { "lessThan": "1.17.6", "status": "affected", "version": "1.7.7", "versionType": "semver" }, { "status": "affected", "version": "1.16.9" }, { "status": "affected", "version": "1.15.14" } ] }, { "cpes": [ "cpe:2.3:a:hashicorp:vault_community_edition:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "vault_community_edition", "vendor": "hashicorp", "versions": [ { "lessThan": "1.17.6", "status": "affected", "version": "1.7.7", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-7594", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T20:24:40.797176Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T20:29:58.984Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux" ], "product": "Vault", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "lessThan": "1.17.6", "status": "affected", "version": "1.7.7", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "platforms": [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux" ], "product": "Vault Enterprise", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "changes": [ { "at": "1.16.10", "status": "unaffected" }, { "at": "1.15.15", "status": "unaffected" } ], "lessThan": "1.17.6", "status": "affected", "version": "1.7.7", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eVault\u2019s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault\u2019s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.\u003c/p\u003e\u003cbr/\u003e" } ], "value": "Vault\u2019s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault\u2019s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15." } ], "impacts": [ { "capecId": "CAPEC-1", "descriptions": [ { "lang": "en", "value": "CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-26T19:56:15.934Z", "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp" }, "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2024-20-vault-ssh-secrets-engine-configuration-did-not-restrict-valid-principals-by-default/70251" } ], "source": { "advisory": "HCSEC-2024-20", "discovery": "EXTERNAL" }, "title": "Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default" } }, "cveMetadata": { "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "assignerShortName": "HashiCorp", "cveId": "CVE-2024-7594", "datePublished": "2024-09-26T19:52:55.652Z", "dateReserved": "2024-08-07T17:46:31.343Z", "dateUpdated": "2024-09-26T20:29:58.984Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-7220
Vulnerability from cvelistv5
Published
2020-01-23 17:41
Modified
2024-08-04 09:25
Severity ?
EPSS score ?
Summary
HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2.
References
▼ | URL | Tags |
---|---|---|
https://www.hashicorp.com/blog/category/vault/ | x_refsource_MISC | |
https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:25:47.990Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.hashicorp.com/blog/category/vault/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-23T17:41:28", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.hashicorp.com/blog/category/vault/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-7220", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.hashicorp.com/blog/category/vault/", "refsource": "MISC", "url": "https://www.hashicorp.com/blog/category/vault/" }, { "name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020", "refsource": "CONFIRM", "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-7220", "datePublished": "2020-01-23T17:41:28", "dateReserved": "2020-01-17T00:00:00", "dateUpdated": "2024-08-04T09:25:47.990Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-8185
Vulnerability from cvelistv5
Published
2024-10-31 15:14
Modified
2024-10-31 17:11
Severity ?
EPSS score ?
Summary
Vault Vulnerable to Denial of Service When Processing Raft Join Requests
References
Impacted products
▼ | Vendor | Product |
---|---|---|
HashiCorp | Vault | |
HashiCorp | Vault Enterprise |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*" ], "defaultStatus": "unaffected", "product": "vault", "vendor": "hashicorp", "versions": [ { "lessThan": "1.18.1", "status": "affected", "version": "1.2.0", "versionType": "custom" }, { "status": "unaffected", "version": "1.17.8" }, { "status": "unaffected", "version": "1.16.12" } ] }, { "cpes": [ "cpe:2.3:a:hashicorp:vault:*:*:*:*:community:*:*:*" ], "defaultStatus": "unaffected", "product": "vault", "vendor": "hashicorp", "versions": [ { "lessThan": "1.18.1", "status": "affected", "version": "1.2.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-8185", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-31T16:54:01.728268Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-31T17:11:35.647Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux" ], "product": "Vault", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "lessThan": "1.18.1", "status": "affected", "version": "1.2.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "platforms": [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux" ], "product": "Vault Enterprise", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "changes": [ { "at": "1.17.8", "status": "unaffected" }, { "at": "1.16.12", "status": "unaffected" } ], "lessThan": "1.18.1", "status": "affected", "version": "1.2.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eVault Community and Vault Enterprise (\u201cVault\u201d) clusters using Vault\u2019s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the endpoint which may cause Vault to consume excessive system memory resources, potentially leading to a crash of the underlying system and the Vault process itself.\n\nThis vulnerability, CVE-2024-8185, is fixed in Vault Community 1.18.1 and Vault Enterprise 1.18.1, 1.17.8, and 1.16.12.\u003c/p\u003e\u003cbr/\u003e" } ], "value": "Vault Community and Vault Enterprise (\u201cVault\u201d) clusters using Vault\u2019s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the endpoint which may cause Vault to consume excessive system memory resources, potentially leading to a crash of the underlying system and the Vault process itself.\n\nThis vulnerability, CVE-2024-8185, is fixed in Vault Community 1.18.1 and Vault Enterprise 1.18.1, 1.17.8, and 1.16.12." } ], "impacts": [ { "capecId": "CAPEC-469", "descriptions": [ { "lang": "en", "value": "CAPEC-469: HTTP DoS" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-636", "description": "CWE-636: Not Failing Securely (Failing Open)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-31T15:14:55.145Z", "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp" }, "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2024-26-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-processing-raft-cluster-join-requests/71047" } ], "source": { "advisory": "HCSEC-2024-26", "discovery": "INTERNAL" }, "title": "Vault Vulnerable to Denial of Service When Processing Raft Join Requests" } }, "cveMetadata": { "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "assignerShortName": "HashiCorp", "cveId": "CVE-2024-8185", "datePublished": "2024-10-31T15:14:55.145Z", "dateReserved": "2024-08-26T16:24:04.547Z", "dateUpdated": "2024-10-31T17:11:35.647Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41316
Vulnerability from cvelistv5
Published
2022-10-12 00:00
Modified
2024-08-03 12:42
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:42:44.924Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://discuss.hashicorp.com" }, { "tags": [ "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2022-24-vaults-tls-cert-auth-method-only-loaded-crl-after-first-request/45483" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221201-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HashiCorp Vault and Vault Enterprise\u2019s TLS certificate auth method did not initially load the optionally configured CRL issued by the role\u0027s CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-02T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://discuss.hashicorp.com" }, { "url": "https://discuss.hashicorp.com/t/hcsec-2022-24-vaults-tls-cert-auth-method-only-loaded-crl-after-first-request/45483" }, { "url": "https://security.netapp.com/advisory/ntap-20221201-0001/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-41316", "datePublished": "2022-10-12T00:00:00", "dateReserved": "2022-09-23T00:00:00", "dateUpdated": "2024-08-03T12:42:44.924Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-25816
Vulnerability from cvelistv5
Published
2020-09-30 19:44
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Fixed in 1.4.7 and 1.5.4.
References
▼ | URL | Tags |
---|---|---|
https://www.hashicorp.com/blog/category/vault | x_refsource_MISC | |
https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:40:36.981Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.hashicorp.com/blog/category/vault" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Fixed in 1.4.7 and 1.5.4." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-12T18:26:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.hashicorp.com/blog/category/vault" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-25816", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Fixed in 1.4.7 and 1.5.4." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.hashicorp.com/blog/category/vault", "refsource": "MISC", "url": "https://www.hashicorp.com/blog/category/vault" }, { "name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154", "refsource": "CONFIRM", "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-25816", "datePublished": "2020-09-30T19:44:01", "dateReserved": "2020-09-23T00:00:00", "dateUpdated": "2024-08-04T15:40:36.981Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5954
Vulnerability from cvelistv5
Published
2023-11-09 20:13
Modified
2024-08-02 08:14
Severity ?
EPSS score ?
Summary
Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption
References
Impacted products
▼ | Vendor | Product |
---|---|---|
HashiCorp | Vault | |
HashiCorp | Vault Enterprise |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:14:25.126Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2023-33-vault-requests-triggering-policy-checks-may-lead-to-unbounded-memory-consumption/59926" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231227-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit" ], "product": "Vault", "vendor": "HashiCorp", "versions": [ { "status": "affected", "version": "1.15.0" }, { "status": "affected", "version": "1.15.1" }, { "status": "affected", "version": "1.14.3" }, { "status": "affected", "version": "1.14.4" }, { "status": "affected", "version": "1.14.5" }, { "status": "affected", "version": "1.13.7" }, { "status": "affected", "version": "1.13.8" }, { "status": "affected", "version": "1.13.9" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit" ], "product": "Vault Enterprise", "vendor": "HashiCorp", "versions": [ { "status": "affected", "version": "1.15.0" }, { "status": "affected", "version": "1.15.1" }, { "status": "affected", "version": "1.14.3" }, { "status": "affected", "version": "1.14.4" }, { "status": "affected", "version": "1.14.5" }, { "status": "affected", "version": "1.13.7" }, { "status": "affected", "version": "1.13.8" }, { "status": "affected", "version": "1.13.9" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10." } ], "value": "HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "CWE-401: Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-09T20:13:49.346Z", "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp" }, "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2023-33-vault-requests-triggering-policy-checks-may-lead-to-unbounded-memory-consumption/59926" }, { "url": "https://security.netapp.com/advisory/ntap-20231227-0001/" } ], "source": { "discovery": "INTERNAL" }, "title": "Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption" } }, "cveMetadata": { "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "assignerShortName": "HashiCorp", "cveId": "CVE-2023-5954", "datePublished": "2023-11-09T20:13:49.346Z", "dateReserved": "2023-11-03T16:18:00.469Z", "dateUpdated": "2024-08-02T08:14:25.126Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6337
Vulnerability from cvelistv5
Published
2023-12-08 21:12
Modified
2024-08-02 08:28
Severity ?
EPSS score ?
Summary
Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests
References
Impacted products
▼ | Vendor | Product |
---|---|---|
HashiCorp | Vault | |
HashiCorp | Vault Enterprise |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:28:21.284Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240112-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit" ], "product": "Vault", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "changes": [ { "at": "1.14.8", "status": "unaffected" }, { "at": "1.13.2", "status": "unaffected" } ], "lessThan": "1.15.4", "status": "affected", "version": "1.12.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit" ], "product": "Vault Enterprise", "vendor": "HashiCorp", "versions": [ { "changes": [ { "at": "1.14.8", "status": "unaffected" }, { "at": "1.13.2", "status": "unaffected" } ], "lessThan": "1.15.4", "status": "affected", "version": "1.12.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: transparent;\"\u003eHashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.\u003cbr\u003e\u003cbr\u003eFixed in\u0026nbsp;\u003cspan style=\"background-color: transparent;\"\u003eVault 1.15.4, 1.14.8, 1.13.12.\u003c/span\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e" } ], "value": "HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.\n\nFixed in\u00a0Vault 1.15.4, 1.14.8, 1.13.12.\n\n" } ], "impacts": [ { "capecId": "CAPEC-130", "descriptions": [ { "lang": "en", "value": "CAPEC-130 Excessive Allocation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-08T21:12:31.712Z", "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp" }, "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741" }, { "url": "https://security.netapp.com/advisory/ntap-20240112-0006/" } ], "source": { "advisory": "HCSEC-2023-34", "discovery": "USER" }, "title": "Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests" } }, "cveMetadata": { "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "assignerShortName": "HashiCorp", "cveId": "CVE-2023-6337", "datePublished": "2023-12-08T21:12:31.712Z", "dateReserved": "2023-11-27T18:55:16.606Z", "dateUpdated": "2024-08-02T08:28:21.284Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-27400
Vulnerability from cvelistv5
Published
2021-04-22 16:48
Modified
2024-08-03 20:48
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:48:16.803Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-10-vault-s-cassandra-integrations-did-not-validate-tls-certificates/23463" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-22T16:48:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-10-vault-s-cassandra-integrations-did-not-validate-tls-certificates/23463" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-27400", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://discuss.hashicorp.com/t/hcsec-2021-10-vault-s-cassandra-integrations-did-not-validate-tls-certificates/23463", "refsource": "CONFIRM", "url": "https://discuss.hashicorp.com/t/hcsec-2021-10-vault-s-cassandra-integrations-did-not-validate-tls-certificates/23463" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-27400", "datePublished": "2021-04-22T16:48:07", "dateReserved": "2021-02-19T00:00:00", "dateUpdated": "2024-08-03T20:48:16.803Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-45042
Vulnerability from cvelistv5
Published
2021-12-17 13:38
Modified
2024-08-04 04:32
Severity ?
EPSS score ?
Summary
In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0.
References
▼ | URL | Tags |
---|---|---|
https://www.hashicorp.com/blog/category/vault | x_refsource_MISC | |
https://discuss.hashicorp.com/t/hcsec2-21-33-vault-s-kv-secrets-engine-with-integrated-storage-exposed-to-authenticated-denial-of-service/33157 | x_refsource_MISC | |
https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:32:13.617Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.hashicorp.com/blog/category/vault" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec2-21-33-vault-s-kv-secrets-engine-with-integrated-storage-exposed-to-authenticated-denial-of-service/33157" }, { "name": "GLSA-202207-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202207-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-01T20:07:46", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.hashicorp.com/blog/category/vault" }, { "tags": [ "x_refsource_MISC" ], "url": "https://discuss.hashicorp.com/t/hcsec2-21-33-vault-s-kv-secrets-engine-with-integrated-storage-exposed-to-authenticated-denial-of-service/33157" }, { "name": "GLSA-202207-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202207-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-45042", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.hashicorp.com/blog/category/vault", "refsource": "MISC", "url": "https://www.hashicorp.com/blog/category/vault" }, { "name": "https://discuss.hashicorp.com/t/hcsec2-21-33-vault-s-kv-secrets-engine-with-integrated-storage-exposed-to-authenticated-denial-of-service/33157", "refsource": "MISC", "url": "https://discuss.hashicorp.com/t/hcsec2-21-33-vault-s-kv-secrets-engine-with-integrated-storage-exposed-to-authenticated-denial-of-service/33157" }, { "name": "GLSA-202207-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202207-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-45042", "datePublished": "2021-12-17T13:38:51", "dateReserved": "2021-12-13T00:00:00", "dateUpdated": "2024-08-04T04:32:13.617Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25244
Vulnerability from cvelistv5
Published
2022-03-07 21:41
Modified
2024-08-03 04:36
Severity ?
EPSS score ?
Summary
Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:36:06.580Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://discuss.hashicorp.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2022-08-vault-enterprise-s-tokenization-transform-configuration-endpoint-may-expose-transform-key/36599" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-07T21:41:52", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://discuss.hashicorp.com" }, { "tags": [ "x_refsource_MISC" ], "url": "https://discuss.hashicorp.com/t/hcsec-2022-08-vault-enterprise-s-tokenization-transform-configuration-endpoint-may-expose-transform-key/36599" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-25244", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://discuss.hashicorp.com", "refsource": "MISC", "url": "https://discuss.hashicorp.com" }, { "name": "https://discuss.hashicorp.com/t/hcsec-2022-08-vault-enterprise-s-tokenization-transform-configuration-endpoint-may-expose-transform-key/36599", "refsource": "MISC", "url": "https://discuss.hashicorp.com/t/hcsec-2022-08-vault-enterprise-s-tokenization-transform-configuration-endpoint-may-expose-transform-key/36599" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-25244", "datePublished": "2022-03-07T21:41:52", "dateReserved": "2022-02-16T00:00:00", "dateUpdated": "2024-08-03T04:36:06.580Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-16251
Vulnerability from cvelistv5
Published
2020-08-26 14:19
Modified
2024-08-04 13:37
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.
References
▼ | URL | Tags |
---|---|---|
https://www.hashicorp.com/blog/category/vault/ | x_refsource_MISC | |
https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151 | x_refsource_MISC | |
http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:37:54.175Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.hashicorp.com/blog/category/vault/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-06T18:06:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.hashicorp.com/blog/category/vault/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-16251", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.hashicorp.com/blog/category/vault/", "refsource": "MISC", "url": "https://www.hashicorp.com/blog/category/vault/" }, { "name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151", "refsource": "MISC", "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151" }, { "name": "http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-16251", "datePublished": "2020-08-26T14:19:55", "dateReserved": "2020-07-31T00:00:00", "dateUpdated": "2024-08-04T13:37:54.175Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-41802
Vulnerability from cvelistv5
Published
2021-10-08 17:00
Modified
2024-08-04 03:22
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.
References
▼ | URL | Tags |
---|---|---|
https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation/ | x_refsource_MISC | |
https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:22:24.278Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation/" }, { "name": "GLSA-202207-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202207-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user\u2019s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:N/PR:H/S:C/UI:R", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-01T20:06:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation/" }, { "name": "GLSA-202207-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202207-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-41802", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user\u2019s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "ADJACENT", "availabilityImpact": "NONE", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:N/PR:H/S:C/UI:R", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation/", "refsource": "MISC", "url": "https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation/" }, { "name": "GLSA-202207-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202207-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-41802", "datePublished": "2021-10-08T17:00:01", "dateReserved": "2021-09-29T00:00:00", "dateUpdated": "2024-08-04T03:22:24.278Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3024
Vulnerability from cvelistv5
Published
2021-02-01 15:45
Modified
2024-08-03 16:45
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.
References
▼ | URL | Tags |
---|---|---|
https://discuss.hashicorp.com/t/hcsec-2021-02-vault-api-endpoint-exposed-internal-ip-address-without-authentication/20334 | x_refsource_MISC | |
https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:45:50.722Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-02-vault-api-endpoint-exposed-internal-ip-address-without-authentication/20334" }, { "name": "GLSA-202207-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202207-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 \u0026 1.5.7." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-01T20:09:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-02-vault-api-endpoint-exposed-internal-ip-address-without-authentication/20334" }, { "name": "GLSA-202207-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202207-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-3024", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 \u0026 1.5.7." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://discuss.hashicorp.com/t/hcsec-2021-02-vault-api-endpoint-exposed-internal-ip-address-without-authentication/20334", "refsource": "MISC", "url": "https://discuss.hashicorp.com/t/hcsec-2021-02-vault-api-endpoint-exposed-internal-ip-address-without-authentication/20334" }, { "name": "GLSA-202207-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202207-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-3024", "datePublished": "2021-02-01T15:45:23", "dateReserved": "2021-01-05T00:00:00", "dateUpdated": "2024-08-03T16:45:50.722Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-19786
Vulnerability from cvelistv5
Published
2018-12-05 09:00
Modified
2024-08-05 11:44
Severity ?
EPSS score ?
Summary
HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported.
References
▼ | URL | Tags |
---|---|---|
https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:44:20.382Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-05T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19786", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018", "refsource": "CONFIRM", "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19786", "datePublished": "2018-12-05T09:00:00", "dateReserved": "2018-11-30T00:00:00", "dateUpdated": "2024-08-05T11:44:20.382Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-43998
Vulnerability from cvelistv5
Published
2021-11-30 14:59
Modified
2024-08-04 04:10
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.
References
▼ | URL | Tags |
---|---|---|
https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132 | x_refsource_MISC | |
https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.167Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132" }, { "name": "GLSA-202207-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202207-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-01T20:09:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132" }, { "name": "GLSA-202207-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202207-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-43998", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132", "refsource": "MISC", "url": "https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132" }, { "name": "GLSA-202207-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202207-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-43998", "datePublished": "2021-11-30T14:59:08", "dateReserved": "2021-11-17T00:00:00", "dateUpdated": "2024-08-04T04:10:17.167Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24999
Vulnerability from cvelistv5
Published
2023-03-10 23:12
Modified
2024-08-02 11:11
Severity ?
EPSS score ?
Summary
Vault Fails to Verify if the AppRole SecretID Belongs to Role During a Destroy Operation
References
Impacted products
▼ | Vendor | Product |
---|---|---|
HashiCorp | Vault | |
HashiCorp | Vault Enterprise |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:11:43.737Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230505-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit" ], "product": "Vault", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "lessThan": "1.12.4", "status": "affected", "version": "1.12.0", "versionType": "semver" }, { "lessThan": "1.11.8", "status": "affected", "version": "1.11.0", "versionType": "semver" }, { "lessThan": "1.10.11", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "platforms": [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit" ], "product": "Vault Enterprise", "vendor": "HashiCorp", "versions": [ { "lessThan": "1.12.4", "status": "affected", "version": "1.12.0", "versionType": "semver" }, { "lessThan": "1.11.8", "status": "affected", "version": "1.11.0", "versionType": "semver" }, { "lessThan": "1.10.11", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eHashiCorp Vault and Vault Enterprise\u2019s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.\u003c/p\u003e\u003cbr\u003e" } ], "value": "HashiCorp Vault and Vault Enterprise\u2019s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above." } ], "impacts": [ { "capecId": "CAPEC-1", "descriptions": [ { "lang": "en", "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-10T23:12:47.638Z", "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp" }, "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305" }, { "url": "https://security.netapp.com/advisory/ntap-20230505-0001/" } ], "source": { "discovery": "EXTERNAL" }, "title": "Vault Fails to Verify if the AppRole SecretID Belongs to Role During a Destroy Operation" } }, "cveMetadata": { "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "assignerShortName": "HashiCorp", "cveId": "CVE-2023-24999", "datePublished": "2023-03-10T23:12:47.638Z", "dateReserved": "2023-02-01T17:54:13.893Z", "dateUpdated": "2024-08-02T11:11:43.737Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36129
Vulnerability from cvelistv5
Published
2022-07-26 22:21
Modified
2024-08-03 10:00
Severity ?
EPSS score ?
Summary
HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. Fixed in Vault Enterprise 1.9.8, 1.10.5, and 1.11.1.
References
▼ | URL | Tags |
---|---|---|
https://discuss.hashicorp.com | x_refsource_MISC | |
https://discuss.hashicorp.com/t/hcsec-2022-15-vault-enterprise-does-not-verify-existing-voter-status-when-joining-an-integrated-storage-ha-node/42420 | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220901-0011/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:00:01.365Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://discuss.hashicorp.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2022-15-vault-enterprise-does-not-verify-existing-voter-status-when-joining-an-integrated-storage-ha-node/42420" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220901-0011/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. Fixed in Vault Enterprise 1.9.8, 1.10.5, and 1.11.1." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-01T13:06:33", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://discuss.hashicorp.com" }, { "tags": [ "x_refsource_MISC" ], "url": "https://discuss.hashicorp.com/t/hcsec-2022-15-vault-enterprise-does-not-verify-existing-voter-status-when-joining-an-integrated-storage-ha-node/42420" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220901-0011/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-36129", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. Fixed in Vault Enterprise 1.9.8, 1.10.5, and 1.11.1." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://discuss.hashicorp.com", "refsource": "MISC", "url": "https://discuss.hashicorp.com" }, { "name": "https://discuss.hashicorp.com/t/hcsec-2022-15-vault-enterprise-does-not-verify-existing-voter-status-when-joining-an-integrated-storage-ha-node/42420", "refsource": "MISC", "url": "https://discuss.hashicorp.com/t/hcsec-2022-15-vault-enterprise-does-not-verify-existing-voter-status-when-joining-an-integrated-storage-ha-node/42420" }, { "name": "https://security.netapp.com/advisory/ntap-20220901-0011/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220901-0011/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-36129", "datePublished": "2022-07-26T22:21:51", "dateReserved": "2022-07-18T00:00:00", "dateUpdated": "2024-08-03T10:00:01.365Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32923
Vulnerability from cvelistv5
Published
2021-06-03 10:38
Modified
2024-08-03 23:33
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2.
References
▼ | URL | Tags |
---|---|---|
https://www.hashicorp.com/blog/category/vault/ | x_refsource_MISC | |
https://discuss.hashicorp.com/t/hcsec-2021-15-vault-renewed-nearly-expired-leases-with-incorrect-non-expiring-ttls/24603 | x_refsource_MISC | |
https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:33:56.091Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.hashicorp.com/blog/category/vault/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-15-vault-renewed-nearly-expired-leases-with-incorrect-non-expiring-ttls/24603" }, { "name": "GLSA-202207-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202207-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-01T20:08:47", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.hashicorp.com/blog/category/vault/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-15-vault-renewed-nearly-expired-leases-with-incorrect-non-expiring-ttls/24603" }, { "name": "GLSA-202207-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202207-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-32923", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.hashicorp.com/blog/category/vault/", "refsource": "MISC", "url": "https://www.hashicorp.com/blog/category/vault/" }, { "name": "https://discuss.hashicorp.com/t/hcsec-2021-15-vault-renewed-nearly-expired-leases-with-incorrect-non-expiring-ttls/24603", "refsource": "MISC", "url": "https://discuss.hashicorp.com/t/hcsec-2021-15-vault-renewed-nearly-expired-leases-with-incorrect-non-expiring-ttls/24603" }, { "name": "GLSA-202207-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202207-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-32923", "datePublished": "2021-06-03T10:38:26", "dateReserved": "2021-05-13T00:00:00", "dateUpdated": "2024-08-03T23:33:56.091Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-13223
Vulnerability from cvelistv5
Published
2020-06-10 18:45
Modified
2024-08-04 12:11
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2.
References
▼ | URL | Tags |
---|---|---|
https://www.hashicorp.com/blog/category/vault/ | x_refsource_MISC | |
https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:11:19.474Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.hashicorp.com/blog/category/vault/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-12T18:51:03", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.hashicorp.com/blog/category/vault/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-13223", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.hashicorp.com/blog/category/vault/", "refsource": "MISC", "url": "https://www.hashicorp.com/blog/category/vault/" }, { "name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020", "refsource": "MISC", "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-13223", "datePublished": "2020-06-10T18:45:28", "dateReserved": "2020-05-20T00:00:00", "dateUpdated": "2024-08-04T12:11:19.474Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3775
Vulnerability from cvelistv5
Published
2023-09-28 23:17
Modified
2024-09-26 21:50
Severity ?
EPSS score ?
Summary
Vault Enterprise's Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service
References
Impacted products
▼ | Vendor | Product |
---|---|---|
HashiCorp | Vault Enterprise |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:08:50.185Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2023-29-vault-enterprise-s-sentinel-rgp-policies-allowed-for-cross-namespace-denial-of-service/58653" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-3775", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-23T18:05:23.828194Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-23T18:05:32.075Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux" ], "product": "Vault Enterprise", "vendor": "HashiCorp", "versions": [ { "lessThan": "1.14.4", "status": "affected", "version": "1.14.0", "versionType": "semver" }, { "lessThan": "1.13.8", "status": "affected", "version": "1.13.0", "versionType": "semver" }, { "lessThan": "1.13.0", "status": "affected", "version": "0.11.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8.\u003c/p\u003e\u003cbr/\u003e" } ], "value": "A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8." } ], "impacts": [ { "capecId": "CAPEC-469", "descriptions": [ { "lang": "en", "value": "CAPEC-469: HTTP DoS" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 4.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-266", "description": "CWE-266: Incorrect Privilege Assignment", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-26T21:50:59.474Z", "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp" }, "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2023-29-vault-enterprise-s-sentinel-rgp-policies-allowed-for-cross-namespace-denial-of-service/58653" } ], "source": { "advisory": "HCSEC-2023-29", "discovery": "EXTERNAL" }, "title": "Vault Enterprise\u0027s Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service" } }, "cveMetadata": { "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "assignerShortName": "HashiCorp", "cveId": "CVE-2023-3775", "datePublished": "2023-09-28T23:17:24.349Z", "dateReserved": "2023-07-19T14:34:43.733Z", "dateUpdated": "2024-09-26T21:50:59.474Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3462
Vulnerability from cvelistv5
Published
2023-07-31 22:40
Modified
2024-10-21 18:04
Severity ?
EPSS score ?
Summary
Vault's LDAP Auth Method Allows for User Enumeration
References
Impacted products
▼ | Vendor | Product |
---|---|---|
HashiCorp | Vault | |
HashiCorp | Vault Enterprise |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:55:03.557Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-3462", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-21T18:04:26.770286Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-21T18:04:40.093Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "platforms": [ "Windows", "MacOS", "Linux", "x86", "64 bit", "32 bit", "ARM" ], "product": "Vault", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "lessThanOrEqual": "1.13.4", "status": "affected", "version": "1.13.0", "versionType": "semver" }, { "status": "affected", "version": "1.14.0" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit" ], "product": "Vault Enterprise", "vendor": "HashiCorp", "versions": [ { "lessThanOrEqual": "1.13.4", "status": "affected", "version": "1.13.0", "versionType": "semver" }, { "status": "affected", "version": "1.14.0" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Jared Johnstone" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "HashiCorp\u0027s Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5." } ], "value": "HashiCorp\u0027s Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5." } ], "impacts": [ { "capecId": "CAPEC-575", "descriptions": [ { "lang": "en", "value": "CAPEC-575 Account Footprinting" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-203", "description": "CWE-203 Observable Discrepancy", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T22:40:23.432Z", "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp" }, "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714" } ], "source": { "discovery": "EXTERNAL" }, "title": "Vault\u0027s LDAP Auth Method Allows for User Enumeration" } }, "cveMetadata": { "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "assignerShortName": "HashiCorp", "cveId": "CVE-2023-3462", "datePublished": "2023-07-31T22:40:23.432Z", "dateReserved": "2023-06-29T19:00:52.239Z", "dateUpdated": "2024-10-21T18:04:40.093Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4680
Vulnerability from cvelistv5
Published
2023-09-14 23:06
Modified
2024-09-26 17:38
Severity ?
EPSS score ?
Summary
Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption
References
Impacted products
▼ | Vendor | Product |
---|---|---|
HashiCorp | Vault | |
HashiCorp | Vault Enterprise |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:31:06.556Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2023-28-vault-s-transit-secrets-engine-allowed-nonce-specified-without-convergent-encryption/58249" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "vault", "vendor": "hashicorp", "versions": [ { "lessThan": "1.14.3", "status": "affected", "version": "1.14.0", "versionType": "custom" }, { "lessThan": "1.13.7", "status": "affected", "version": "1.13.0", "versionType": "custom" }, { "lessThan": "1.12.11", "status": "affected", "version": "1.12.0", "versionType": "custom" }, { "lessThan": "1.12.0", "status": "affected", "version": "1.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:hashicorp:vault_enterprise:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "vault_enterprise", "vendor": "hashicorp", "versions": [ { "lessThan": "1.14.3", "status": "affected", "version": "1.14.0", "versionType": "custom" }, { "lessThan": "1.13.7", "status": "affected", "version": "1.13.0", "versionType": "custom" }, { "lessThan": "1.12.11", "status": "affected", "version": "1.12.0", "versionType": "custom" }, { "lessThan": "1.12.0", "status": "affected", "version": "1.6.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-4680", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-25T19:52:32.242060Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-25T19:58:36.730Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux" ], "product": "Vault", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "lessThan": "1.14.3", "status": "affected", "version": "1.14.0", "versionType": "semver" }, { "lessThan": "1.13.7", "status": "affected", "version": "1.13.0", "versionType": "semver" }, { "lessThan": "1.12.11", "status": "affected", "version": "1.12.0", "versionType": "semver" }, { "lessThan": "1.12.0", "status": "affected", "version": "1.6.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "platforms": [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux" ], "product": "Vault Enterprise", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "lessThan": "1.14.3", "status": "affected", "version": "1.14.0", "versionType": "semver" }, { "lessThan": "1.13.7", "status": "affected", "version": "1.13.0", "versionType": "semver" }, { "lessThan": "1.12.11", "status": "affected", "version": "1.12.0", "versionType": "semver" }, { "lessThan": "1.12.0", "status": "affected", "version": "1.6.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eHashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.\u003c/p\u003e\u003cbr/\u003e" } ], "value": "HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11." } ], "impacts": [ { "capecId": "CAPEC-220", "descriptions": [ { "lang": "en", "value": "CAPEC-220: Cryptanalysis" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-323", "description": "CWE-323: Reusing a Nonce, Key Pair in Encryption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-26T17:38:48.629Z", "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp" }, "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2023-28-vault-s-transit-secrets-engine-allowed-nonce-specified-without-convergent-encryption/58249" } ], "source": { "advisory": "HCSEC-2023-28", "discovery": "EXTERNAL" }, "title": "Vault\u0027s Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption" } }, "cveMetadata": { "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "assignerShortName": "HashiCorp", "cveId": "CVE-2023-4680", "datePublished": "2023-09-14T23:06:24.546Z", "dateReserved": "2023-08-31T15:50:09.764Z", "dateUpdated": "2024-09-26T17:38:48.629Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2048
Vulnerability from cvelistv5
Published
2024-03-04 19:56
Modified
2024-08-08 15:18
Severity ?
EPSS score ?
Summary
Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates
References
Impacted products
▼ | Vendor | Product |
---|---|---|
HashiCorp | Vault | |
HashiCorp | Vault Enterprise |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T19:03:37.841Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240524-0009/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:hashicorp:vault:1.15.5:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "vault", "vendor": "hashicorp", "versions": [ { "lessThan": "1.16.0", "status": "affected", "version": "1.15.5", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:hashicorp:vault_enterprise:1.15.5:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "vault_enterprise", "vendor": "hashicorp", "versions": [ { "lessThan": "1.16.0", "status": "affected", "version": "1.15.5", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-2048", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-05T15:35:21.923628Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-08T15:18:54.316Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux" ], "product": "Vault", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "changes": [ { "at": "1.14.10", "status": "unaffected" } ], "lessThan": "1.16.0", "status": "affected", "version": "1.15.5", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "platforms": [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux" ], "product": "Vault Enterprise", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "changes": [ { "at": "1.14.10", "status": "unaffected" } ], "lessThan": "1.16.0", "status": "affected", "version": "1.15.5", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eVault and Vault Enterprise (\u201cVault\u201d) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10.\u003c/p\u003e\u003cbr/\u003e" } ], "value": "Vault and Vault Enterprise (\u201cVault\u201d) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10." } ], "impacts": [ { "capecId": "CAPEC-115", "descriptions": [ { "lang": "en", "value": "CAPEC-115: Authentication Bypass" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-295", "description": "CWE-295: Improper Certificate Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-04T19:56:47.253Z", "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp" }, "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382" }, { "url": "https://security.netapp.com/advisory/ntap-20240524-0009/" } ], "source": { "advisory": "HCSEC-2024-05", "discovery": "EXTERNAL" }, "title": "Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates" } }, "cveMetadata": { "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "assignerShortName": "HashiCorp", "cveId": "CVE-2024-2048", "datePublished": "2024-03-04T19:56:47.253Z", "dateReserved": "2024-03-01T00:03:34.034Z", "dateUpdated": "2024-08-08T15:18:54.316Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10661
Vulnerability from cvelistv5
Published
2020-03-23 12:57
Modified
2024-08-04 11:06
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4.
References
▼ | URL | Tags |
---|---|---|
https://www.hashicorp.com/blog/category/vault/ | x_refsource_MISC | |
https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:06:10.651Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.hashicorp.com/blog/category/vault/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-23T12:57:03", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.hashicorp.com/blog/category/vault/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10661", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.hashicorp.com/blog/category/vault/", "refsource": "MISC", "url": "https://www.hashicorp.com/blog/category/vault/" }, { "name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020", "refsource": "CONFIRM", "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10661", "datePublished": "2020-03-23T12:57:03", "dateReserved": "2020-03-18T00:00:00", "dateUpdated": "2024-08-04T11:06:10.651Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-35177
Vulnerability from cvelistv5
Published
2020-12-17 04:17
Modified
2024-08-04 17:02
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.
References
▼ | URL | Tags |
---|---|---|
https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161 | x_refsource_CONFIRM | |
https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:02:06.823Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-08T17:58:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-35177", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161", "refsource": "CONFIRM", "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161" }, { "name": "https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984", "refsource": "CONFIRM", "url": "https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-35177", "datePublished": "2020-12-17T04:17:27", "dateReserved": "2020-12-11T00:00:00", "dateUpdated": "2024-08-04T17:02:06.823Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0831
Vulnerability from cvelistv5
Published
2024-02-01 01:41
Modified
2024-08-01 18:18
Severity ?
EPSS score ?
Summary
Vault May Expose Sensitive Information When Configuring An Audit Log Device
References
Impacted products
▼ | Vendor | Product |
---|---|---|
HashiCorp | Vault | |
HashiCorp | Vault Enterprise |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-0831", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-01T14:27:53.989443Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:22:51.524Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:18:18.883Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2024-01-vault-may-expose-sensitive-information-when-configuring-an-audit-log-device/62311" }, { "tags": [ "x_transferred" ], "url": "https://developer.hashicorp.com/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240223-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit" ], "product": "Vault", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "lessThanOrEqual": "1.15.4", "status": "affected", "version": "1.15.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit" ], "product": "Vault Enterprise", "vendor": "HashiCorp", "versions": [ { "lessThanOrEqual": "1.15.4", "status": "affected", "version": "1.15.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVault and Vault Enterprise (\u201cVault\u201d) \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003emay expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`.\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e" } ], "value": "Vault and Vault Enterprise (\u201cVault\u201d) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`." } ], "impacts": [ { "capecId": "CAPEC-268", "descriptions": [ { "lang": "en", "value": "CAPEC-268 Audit Log Manipulation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-532", "description": "CWE-532: Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-01T16:07:23.308Z", "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp" }, "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2024-01-vault-may-expose-sensitive-information-when-configuring-an-audit-log-device/62311" }, { "url": "https://developer.hashicorp.com/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration" }, { "url": "https://security.netapp.com/advisory/ntap-20240223-0005/" } ], "source": { "discovery": "INTERNAL" }, "title": "Vault May Expose Sensitive Information When Configuring An Audit Log Device" } }, "cveMetadata": { "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "assignerShortName": "HashiCorp", "cveId": "CVE-2024-0831", "datePublished": "2024-02-01T01:41:33.801Z", "dateReserved": "2024-01-23T17:42:40.228Z", "dateUpdated": "2024-08-01T18:18:18.883Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-16250
Vulnerability from cvelistv5
Published
2020-08-26 14:17
Modified
2024-08-04 13:37
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1..
References
▼ | URL | Tags |
---|---|---|
https://www.hashicorp.com/blog/category/vault/ | x_refsource_MISC | |
https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151 | x_refsource_MISC | |
http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:37:54.193Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.hashicorp.com/blog/category/vault/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-06T18:06:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.hashicorp.com/blog/category/vault/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-16250", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.hashicorp.com/blog/category/vault/", "refsource": "MISC", "url": "https://www.hashicorp.com/blog/category/vault/" }, { "name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151", "refsource": "MISC", "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151" }, { "name": "http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-16250", "datePublished": "2020-08-26T14:17:44", "dateReserved": "2020-07-31T00:00:00", "dateUpdated": "2024-08-04T13:37:54.193Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-35453
Vulnerability from cvelistv5
Published
2020-12-17 04:22
Modified
2024-08-04 17:02
Severity ?
EPSS score ?
Summary
HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:02:07.977Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2020-24-vault-enterprise-s-sentinel-egp-policies-may-impact-parent-or-sibling-namespaces/18983" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HashiCorp Vault Enterprise\u2019s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-17T04:22:34", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://discuss.hashicorp.com/t/hcsec-2020-24-vault-enterprise-s-sentinel-egp-policies-may-impact-parent-or-sibling-namespaces/18983" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-35453", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HashiCorp Vault Enterprise\u2019s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161", "refsource": "CONFIRM", "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161" }, { "name": "https://discuss.hashicorp.com/t/hcsec-2020-24-vault-enterprise-s-sentinel-egp-policies-may-impact-parent-or-sibling-namespaces/18983", "refsource": "CONFIRM", "url": "https://discuss.hashicorp.com/t/hcsec-2020-24-vault-enterprise-s-sentinel-egp-policies-may-impact-parent-or-sibling-namespaces/18983" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-35453", "datePublished": "2020-12-17T04:22:34", "dateReserved": "2020-12-14T00:00:00", "dateUpdated": "2024-08-04T17:02:07.977Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-8365
Vulnerability from cvelistv5
Published
2024-09-02 01:30
Modified
2024-09-04 17:18
Severity ?
EPSS score ?
Summary
Vault Leaks AppRole Client Tokens And Accessor in Audit Log
References
Impacted products
▼ | Vendor | Product |
---|---|---|
HashiCorp | Vault | |
HashiCorp | Vault Enterprise |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-8365", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-03T13:51:10.738646Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-03T13:51:51.953Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux" ], "product": "Vault", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "lessThan": "1.17.5", "status": "affected", "version": "1.17.3", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "platforms": [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux" ], "product": "Vault Enterprise", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "changes": [ { "at": "1.16.9", "status": "unaffected" }, { "at": "1.17.3", "status": "unaffected" } ], "lessThan": "1.17.5", "status": "affected", "version": "1.16.7", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eVault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC\u2019d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9.\u003c/p\u003e\u003cbr/\u003e" } ], "value": "Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC\u2019d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9." } ], "impacts": [ { "capecId": "CAPEC-118", "descriptions": [ { "lang": "en", "value": "CAPEC-118: Collect and Analyze Information" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 6.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-532", "description": "CWE-532: Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-04T17:18:36.980Z", "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp" }, "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2024-18-vault-leaks-client-token-and-token-accessor-in-audit-devices/" } ], "source": { "advisory": "HCSEC-2024-HCSEC-2024-18", "discovery": "INTERNAL" }, "title": "Vault Leaks AppRole Client Tokens And Accessor in Audit Log" } }, "cveMetadata": { "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "assignerShortName": "HashiCorp", "cveId": "CVE-2024-8365", "datePublished": "2024-09-02T01:30:56.618Z", "dateReserved": "2024-08-30T22:54:58.745Z", "dateUpdated": "2024-09-04T17:18:36.980Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25243
Vulnerability from cvelistv5
Published
2022-03-07 21:45
Modified
2024-08-03 04:36
Severity ?
EPSS score ?
Summary
"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4.
References
▼ | URL | Tags |
---|---|---|
https://discuss.hashicorp.com | x_refsource_MISC | |
https://discuss.hashicorp.com/t/hcsec-2022-09-vault-pki-secrets-engine-policy-results-in-incorrect-wildcard-certificate-issuance/36600 | x_refsource_MISC | |
https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:36:06.555Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://discuss.hashicorp.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2022-09-vault-pki-secrets-engine-policy-results-in-incorrect-wildcard-certificate-issuance/36600" }, { "name": "GLSA-202207-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202207-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "\"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-01T20:09:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://discuss.hashicorp.com" }, { "tags": [ "x_refsource_MISC" ], "url": "https://discuss.hashicorp.com/t/hcsec-2022-09-vault-pki-secrets-engine-policy-results-in-incorrect-wildcard-certificate-issuance/36600" }, { "name": "GLSA-202207-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202207-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-25243", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "\"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://discuss.hashicorp.com", "refsource": "MISC", "url": "https://discuss.hashicorp.com" }, { "name": "https://discuss.hashicorp.com/t/hcsec-2022-09-vault-pki-secrets-engine-policy-results-in-incorrect-wildcard-certificate-issuance/36600", "refsource": "MISC", "url": "https://discuss.hashicorp.com/t/hcsec-2022-09-vault-pki-secrets-engine-policy-results-in-incorrect-wildcard-certificate-issuance/36600" }, { "name": "GLSA-202207-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202207-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-25243", "datePublished": "2022-03-07T21:45:16", "dateReserved": "2022-02-16T00:00:00", "dateUpdated": "2024-08-03T04:36:06.555Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-40186
Vulnerability from cvelistv5
Published
2022-09-22 00:00
Modified
2024-08-03 12:14
Severity ?
EPSS score ?
Summary
An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:14:39.950Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://discuss.hashicorp.com" }, { "tags": [ "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2022-18-vault-entity-alias-metadata-may-leak-between-aliases-with-the-same-name-assigned-to-the-same-entity/44550" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221111-0008/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-14T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://discuss.hashicorp.com" }, { "url": "https://discuss.hashicorp.com/t/hcsec-2022-18-vault-entity-alias-metadata-may-leak-between-aliases-with-the-same-name-assigned-to-the-same-entity/44550" }, { "url": "https://security.netapp.com/advisory/ntap-20221111-0008/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-40186", "datePublished": "2022-09-22T00:00:00", "dateReserved": "2022-09-08T00:00:00", "dateUpdated": "2024-08-03T12:14:39.950Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2660
Vulnerability from cvelistv5
Published
2024-04-04 17:55
Modified
2024-09-26 00:13
Severity ?
EPSS score ?
Summary
Vault TLS Cert Auth Method Did Not Correctly Validate OCSP Responses
References
Impacted products
▼ | Vendor | Product |
---|---|---|
HashiCorp | Vault | |
HashiCorp | Vault Enterprise |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-2660", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-09T16:05:40.204182Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:29:09.743Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T19:18:48.125Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2024-07-vault-tls-cert-auth-method-did-not-correctly-validate-ocsp-responses/64573" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240524-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux" ], "product": "Vault", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "lessThan": "1.16.0", "status": "affected", "version": "1.14.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "platforms": [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux" ], "product": "Vault Enterprise", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "changes": [ { "at": "1.14.11", "status": "unaffected" }, { "at": "1.15.7", "status": "unaffected" } ], "lessThan": "1.16.0", "status": "affected", "version": "1.14.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eVault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.\u003c/p\u003e\u003cbr/\u003e" } ], "value": "Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11." } ], "impacts": [ { "capecId": "CAPEC-26", "descriptions": [ { "lang": "en", "value": "CAPEC-26: Leveraging Race Conditions" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-636", "description": "CWE-636: Not Failing Securely (Failing Open)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-26T00:13:17.242Z", "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp" }, "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2024-07-vault-tls-cert-auth-method-did-not-correctly-validate-ocsp-responses/64573" } ], "source": { "advisory": "HCSEC-2024-07", "discovery": "INTERNAL" }, "title": "Vault TLS Cert Auth Method Did Not Correctly Validate OCSP Responses" } }, "cveMetadata": { "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "assignerShortName": "HashiCorp", "cveId": "CVE-2024-2660", "datePublished": "2024-04-04T17:55:20.192Z", "dateReserved": "2024-03-19T17:34:27.401Z", "dateUpdated": "2024-09-26T00:13:17.242Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5077
Vulnerability from cvelistv5
Published
2023-09-28 23:24
Modified
2024-09-26 21:57
Severity ?
EPSS score ?
Summary
Vault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets
References
Impacted products
▼ | Vendor | Product |
---|---|---|
HashiCorp | Vault | |
HashiCorp | Vault Enterprise |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:44:53.829Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2023-30-vault-s-google-cloud-secrets-engine-removed-existing-iam-conditions-when-creating-updating-rolesets/58654" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "vault", "vendor": "hashicorp", "versions": [ { "lessThan": "1.13.0", "status": "affected", "version": "0.10.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*" ], "defaultStatus": "unaffected", "product": "vault", "vendor": "hashicorp", "versions": [ { "lessThan": "1.13.0", "status": "affected", "version": "00.10.0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-5077", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-23T18:01:43.234358Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-23T18:04:49.264Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux" ], "product": "Vault", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "lessThan": "1.13.0", "status": "affected", "version": "0.10.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "platforms": [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux" ], "product": "Vault Enterprise", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "lessThan": "1.13.0", "status": "affected", "version": "0.10.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eThe Vault and Vault Enterprise (\"Vault\") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.\u003c/p\u003e\u003cbr/\u003e" } ], "value": "The Vault and Vault Enterprise (\"Vault\") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0." } ], "impacts": [ { "capecId": "CAPEC-122", "descriptions": [ { "lang": "en", "value": "CAPEC-122: Privilege Abuse" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-266", "description": "CWE-266: Incorrect Privilege Assignment", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-26T21:57:22.469Z", "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp" }, "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2023-30-vault-s-google-cloud-secrets-engine-removed-existing-iam-conditions-when-creating-updating-rolesets/58654" } ], "source": { "advisory": "HCSEC-2023-30", "discovery": "EXTERNAL" }, "title": "Vault\u0027s Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets" } }, "cveMetadata": { "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "assignerShortName": "HashiCorp", "cveId": "CVE-2023-5077", "datePublished": "2023-09-28T23:24:28.643Z", "dateReserved": "2023-09-19T20:49:08.136Z", "dateUpdated": "2024-09-26T21:57:22.469Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38554
Vulnerability from cvelistv5
Published
2021-08-13 15:45
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.
References
▼ | URL | Tags |
---|---|---|
https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166 | x_refsource_MISC | |
https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:44:23.408Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166" }, { "name": "GLSA-202207-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202207-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HashiCorp Vault and Vault Enterprise\u2019s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-01T20:09:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166" }, { "name": "GLSA-202207-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202207-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-38554", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HashiCorp Vault and Vault Enterprise\u2019s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166", "refsource": "MISC", "url": "https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166" }, { "name": "GLSA-202207-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202207-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-38554", "datePublished": "2021-08-13T15:45:50", "dateReserved": "2021-08-11T00:00:00", "dateUpdated": "2024-08-04T01:44:23.408Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0665
Vulnerability from cvelistv5
Published
2023-03-30 00:21
Modified
2024-08-02 05:17
Severity ?
EPSS score ?
Summary
Vault PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata
References
Impacted products
▼ | Vendor | Product |
---|---|---|
HashiCorp | Vault | |
HashiCorp | Vault Enterprise |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:17:50.328Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230526-0008/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit" ], "product": "Vault", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "lessThan": "1.13.1", "status": "affected", "version": "1.13.0", "versionType": "semver" }, { "lessThan": "1.12.5", "status": "affected", "version": "1.12.0", "versionType": "semver" }, { "lessThan": "1.11.9", "status": "affected", "version": "1.11.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit" ], "product": "Vault Enterprise", "vendor": "HashiCorp", "versions": [ { "lessThan": "1.13.1", "status": "affected", "version": "1.13.0", "versionType": "semver" }, { "lessThan": "1.12.5", "status": "affected", "version": "1.12.0", "versionType": "semver" }, { "lessThan": "1.11.9", "status": "affected", "version": "1.11.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "HashiCorp Vault\u0027s PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.." } ], "value": "HashiCorp Vault\u0027s PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-30T00:24:44.582Z", "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp" }, "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1" }, { "url": "https://security.netapp.com/advisory/ntap-20230526-0008/" } ], "source": { "advisory": "HCSEC-2023-11", "discovery": "INTERNAL" }, "title": "Vault PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata" } }, "cveMetadata": { "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "assignerShortName": "HashiCorp", "cveId": "CVE-2023-0665", "datePublished": "2023-03-30T00:21:47.676Z", "dateReserved": "2023-02-03T21:24:59.629Z", "dateUpdated": "2024-08-02T05:17:50.328Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-25594
Vulnerability from cvelistv5
Published
2021-02-01 15:41
Modified
2024-08-04 15:33
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.
References
▼ | URL | Tags |
---|---|---|
https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336 | x_refsource_MISC | |
https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:33:05.746Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336" }, { "name": "GLSA-202207-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202207-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 \u0026 1.5.7." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-01T20:07:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336" }, { "name": "GLSA-202207-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202207-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-25594", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 \u0026 1.5.7." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336", "refsource": "MISC", "url": "https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336" }, { "name": "GLSA-202207-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202207-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-25594", "datePublished": "2021-02-01T15:41:36", "dateReserved": "2020-09-15T00:00:00", "dateUpdated": "2024-08-04T15:33:05.746Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12757
Vulnerability from cvelistv5
Published
2020-06-10 18:46
Modified
2024-08-04 12:04
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. This may lead to generated GCP credentials being valid for longer than intended. Fixed in 1.4.2.
References
▼ | URL | Tags |
---|---|---|
https://www.hashicorp.com/blog/category/vault/ | x_refsource_CONFIRM | |
https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:04:22.829Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.hashicorp.com/blog/category/vault/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. This may lead to generated GCP credentials being valid for longer than intended. Fixed in 1.4.2." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-12T18:31:46", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.hashicorp.com/blog/category/vault/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12757", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. This may lead to generated GCP credentials being valid for longer than intended. Fixed in 1.4.2." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.hashicorp.com/blog/category/vault/", "refsource": "CONFIRM", "url": "https://www.hashicorp.com/blog/category/vault/" }, { "name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020", "refsource": "MISC", "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12757", "datePublished": "2020-06-10T18:46:12", "dateReserved": "2020-05-09T00:00:00", "dateUpdated": "2024-08-04T12:04:22.829Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10660
Vulnerability from cvelistv5
Published
2020-03-23 12:55
Modified
2024-08-04 11:06
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4.
References
▼ | URL | Tags |
---|---|---|
https://www.hashicorp.com/blog/category/vault/ | x_refsource_MISC | |
https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:06:10.655Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.hashicorp.com/blog/category/vault/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity\u0027s Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-23T12:55:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.hashicorp.com/blog/category/vault/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10660", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity\u0027s Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.hashicorp.com/blog/category/vault/", "refsource": "MISC", "url": "https://www.hashicorp.com/blog/category/vault/" }, { "name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020", "refsource": "CONFIRM", "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10660", "datePublished": "2020-03-23T12:55:42", "dateReserved": "2020-03-18T00:00:00", "dateUpdated": "2024-08-04T11:06:10.655Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38553
Vulnerability from cvelistv5
Published
2021-08-13 15:48
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.
References
▼ | URL | Tags |
---|---|---|
https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168 | x_refsource_MISC | |
https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:44:23.384Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168" }, { "name": "GLSA-202207-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202207-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-01T20:07:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168" }, { "name": "GLSA-202207-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202207-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-38553", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168", "refsource": "MISC", "url": "https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168" }, { "name": "GLSA-202207-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202207-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-38553", "datePublished": "2021-08-13T15:48:47", "dateReserved": "2021-08-11T00:00:00", "dateUpdated": "2024-08-04T01:44:23.384Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-42135
Vulnerability from cvelistv5
Published
2021-10-11 02:52
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:30:38.162Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-28-vaults-google-cloud-secrets-engine-policies-with-globs-may-provide-additional-privileges-in-vault-1-8-0-onwards/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-11T02:52:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-28-vaults-google-cloud-secrets-engine-policies-with-globs-may-provide-additional-privileges-in-vault-1-8-0-onwards/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-42135", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://discuss.hashicorp.com/t/hcsec-2021-28-vaults-google-cloud-secrets-engine-policies-with-globs-may-provide-additional-privileges-in-vault-1-8-0-onwards/", "refsource": "MISC", "url": "https://discuss.hashicorp.com/t/hcsec-2021-28-vaults-google-cloud-secrets-engine-policies-with-globs-may-provide-additional-privileges-in-vault-1-8-0-onwards/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-42135", "datePublished": "2021-10-11T02:52:59", "dateReserved": "2021-10-11T00:00:00", "dateUpdated": "2024-08-04T03:30:38.162Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-9180
Vulnerability from cvelistv5
Published
2024-10-10 20:54
Modified
2024-11-08 22:27
Severity ?
EPSS score ?
Summary
Vault Operators in Root Namespace May Elevate Their Privileges
References
Impacted products
▼ | Vendor | Product |
---|---|---|
HashiCorp | Vault | |
HashiCorp | Vault Enterprise |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "vault", "vendor": "hashicorp", "versions": [ { "lessThan": "1.18.0", "status": "affected", "version": "0.10.4", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*" ], "defaultStatus": "unaffected", "product": "vault", "vendor": "hashicorp", "versions": [ { "lessThan": "1.18.0", "status": "affected", "version": "0.10.4", "versionType": "semver" }, { "status": "unaffected", "version": "1.17.7" }, { "status": "unaffected", "version": "1.16.11" }, { "status": "unaffected", "version": "1.15.16" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-9180", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-11T15:34:50.417514Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T22:27:31.042Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux" ], "product": "Vault", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "lessThan": "1.18.0", "status": "affected", "version": "0.10.4", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "platforms": [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux" ], "product": "Vault Enterprise", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "changes": [ { "at": "1.17.7", "status": "unaffected" }, { "at": "1.16.10", "status": "unaffected" }, { "at": "1.15.16", "status": "unaffected" } ], "lessThan": "1.18.0", "status": "affected", "version": "0.10.4", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA privileged Vault operator with write permissions to the root namespace\u2019s identity endpoint could escalate their own or another user\u2019s privileges to Vault\u2019s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.\u003c/p\u003e\u003cbr/\u003e" } ], "value": "A privileged Vault operator with write permissions to the root namespace\u2019s identity endpoint could escalate their own or another user\u2019s privileges to Vault\u2019s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16." } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233: Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-266", "description": "CWE-266: Incorrect Privilege Assignment", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-18T19:48:21.134Z", "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp" }, "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2024-21-vault-operators-in-root-namespace-may-elevate-their-privileges/70565" } ], "source": { "advisory": "HCSEC-2024-21", "discovery": "INTERNAL" }, "title": "Vault Operators in Root Namespace May Elevate Their Privileges" } }, "cveMetadata": { "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "assignerShortName": "HashiCorp", "cveId": "CVE-2024-9180", "datePublished": "2024-10-10T20:54:57.084Z", "dateReserved": "2024-09-25T18:00:56.306Z", "dateUpdated": "2024-11-08T22:27:31.042Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-35192
Vulnerability from cvelistv5
Published
2020-12-17 01:33
Modified
2024-08-04 17:02
Severity ?
EPSS score ?
Summary
The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
References
▼ | URL | Tags |
---|---|---|
https://github.com/koharin/koharin2/blob/main/CVE-2020-35192 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:02:06.882Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35192" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-17T01:33:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35192" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-35192", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35192", "refsource": "MISC", "url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35192" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-35192", "datePublished": "2020-12-17T01:33:02", "dateReserved": "2020-12-12T00:00:00", "dateUpdated": "2024-08-04T17:02:06.882Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-30689
Vulnerability from cvelistv5
Published
2022-05-17 17:23
Modified
2024-08-03 06:56
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3.
References
▼ | URL | Tags |
---|---|---|
https://discuss.hashicorp.com | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220629-0006/ | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/202207-01 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:56:13.763Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://discuss.hashicorp.com" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220629-0006/" }, { "name": "GLSA-202207-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202207-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-01T20:07:32", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://discuss.hashicorp.com" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220629-0006/" }, { "name": "GLSA-202207-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202207-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-30689", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://discuss.hashicorp.com", "refsource": "MISC", "url": "https://discuss.hashicorp.com" }, { "name": "https://security.netapp.com/advisory/ntap-20220629-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220629-0006/" }, { "name": "GLSA-202207-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202207-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-30689", "datePublished": "2022-05-17T17:23:05", "dateReserved": "2022-05-13T00:00:00", "dateUpdated": "2024-08-03T06:56:13.763Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6468
Vulnerability from cvelistv5
Published
2024-07-11 20:40
Modified
2024-08-01 21:41
Severity ?
EPSS score ?
Summary
Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior
References
Impacted products
▼ | Vendor | Product |
---|---|---|
HashiCorp | Vault | |
HashiCorp | Vault Enterprise |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "vault", "vendor": "hashicorp", "versions": [ { "lessThan": "1.15.11", "status": "affected", "version": "1.10.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:hashicorp:vault_enterprise:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "vault_enterprise", "vendor": "hashicorp", "versions": [ { "lessThan": "1.15.11", "status": "affected", "version": "1.10.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-6468", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-12T14:14:37.815771Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-12T14:16:55.605Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:41:03.514Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2024-14-vault-vulnerable-to-denial-of-service-when-setting-a-proxy-protocol-behavior/68518" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux" ], "product": "Vault", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "lessThan": "1.15.11", "status": "affected", "version": "1.10.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "platforms": [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux" ], "product": "Vault Enterprise", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [ { "lessThan": "1.15.11", "status": "affected", "version": "1.10.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eVault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in proxy_protocol_authorized_addrs, the Vault API server would shut down and no longer respond to any HTTP requests, potentially resulting in denial of service.\n\nWhile this bug also affected versions of Vault up to 1.17.1 and 1.16.5, a separate regression in those release series did not allow Vault operators to configure the deny_unauthorized option, thus not allowing the conditions for the denial of service to occur.\n\nFixed in Vault and Vault Enterprise 1.17.2, 1.16.6, and 1.15.12.\u003c/p\u003e\u003cbr/\u003e" } ], "value": "Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in proxy_protocol_authorized_addrs, the Vault API server would shut down and no longer respond to any HTTP requests, potentially resulting in denial of service.\n\nWhile this bug also affected versions of Vault up to 1.17.1 and 1.16.5, a separate regression in those release series did not allow Vault operators to configure the deny_unauthorized option, thus not allowing the conditions for the denial of service to occur.\n\nFixed in Vault and Vault Enterprise 1.17.2, 1.16.6, and 1.15.12." } ], "impacts": [ { "capecId": "CAPEC-469", "descriptions": [ { "lang": "en", "value": "CAPEC-469: HTTP DoS" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-703", "description": "CWE-703: Improper Check or Handling of Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-11T20:40:12.298Z", "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp" }, "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2024-14-vault-vulnerable-to-denial-of-service-when-setting-a-proxy-protocol-behavior/68518" } ], "source": { "advisory": "HCSEC-2024-HCSEC-2024-14", "discovery": "INTERNAL" }, "title": "Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior" } }, "cveMetadata": { "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "assignerShortName": "HashiCorp", "cveId": "CVE-2024-6468", "datePublished": "2024-07-11T20:40:12.298Z", "dateReserved": "2024-07-03T03:55:06.235Z", "dateUpdated": "2024-08-01T21:41:03.514Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3774
Vulnerability from cvelistv5
Published
2023-07-28 00:45
Modified
2024-10-22 18:22
Severity ?
EPSS score ?
Summary
Vault Enterprise Namespace Creation May Lead to Denial of Service
References
Impacted products
▼ | Vendor | Product |
---|---|---|
HashiCorp | Vault Enterprise |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:08:49.980Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2023-23-vault-enterprise-namespace-creation-may-lead-to-denial-of-service/56617" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-3774", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T18:22:20.353490Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T18:22:38.101Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux" ], "product": "Vault Enterprise", "vendor": "HashiCorp", "versions": [ { "status": "affected", "version": "1.14.0" }, { "status": "affected", "version": "1.13.4" }, { "status": "affected", "version": "1.12.8" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAn unhandled error in Vault Enterprise\u0027s namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.\u003c/p\u003e\u003cbr/\u003e" } ], "value": "An unhandled error in Vault Enterprise\u0027s namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9." } ], "impacts": [ { "capecId": "CAPEC-469", "descriptions": [ { "lang": "en", "value": "CAPEC-469: HTTP DoS" } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-248", "description": "CWE-248: Uncaught Exception", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-26T21:45:44.680Z", "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp" }, "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2023-23-vault-enterprise-namespace-creation-may-lead-to-denial-of-service/56617" } ], "source": { "advisory": "HCSEC-2023-23", "discovery": "INTERNAL" }, "title": "Vault Enterprise Namespace Creation May Lead to Denial of Service" } }, "cveMetadata": { "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "assignerShortName": "HashiCorp", "cveId": "CVE-2023-3774", "datePublished": "2023-07-28T00:45:04.379Z", "dateReserved": "2023-07-19T14:24:44.833Z", "dateUpdated": "2024-10-22T18:22:38.101Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29653
Vulnerability from cvelistv5
Published
2021-04-22 16:41
Modified
2024-08-03 22:11
Severity ?
EPSS score ?
Summary
HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:11:06.264Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-09-vault-s-pki-engine-crl-may-exclude-revoked-but-unexpired-certificates-after-tidy/23461/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-22T16:41:46", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-09-vault-s-pki-engine-crl-may-exclude-revoked-but-unexpired-certificates-after-tidy/23461/2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-29653", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://discuss.hashicorp.com/t/hcsec-2021-09-vault-s-pki-engine-crl-may-exclude-revoked-but-unexpired-certificates-after-tidy/23461/2", "refsource": "CONFIRM", "url": "https://discuss.hashicorp.com/t/hcsec-2021-09-vault-s-pki-engine-crl-may-exclude-revoked-but-unexpired-certificates-after-tidy/23461/2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-29653", "datePublished": "2021-04-22T16:41:46", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-08-03T22:11:06.264Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }