|
HCSEC-2023-07 - Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation
|
|
0
|
765
|
March 10, 2023
|
|
HCSEC-2023-02 - Vault, Consul, Boundary, and Waypoint Affected By Denial of Service in Go’s net/http (CVE-2022-41717)
|
|
0
|
787
|
February 8, 2023
|
|
HCSEC-2022-24 - Vault's TLS Cert Auth Method Only Loaded CRL After First Request
|
|
0
|
1754
|
October 12, 2022
|
|
HCSEC-2022-18 - Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity
|
|
0
|
2576
|
September 20, 2022
|
|
HCSEC-2022-15 - Vault Enterprise Does Not Verify Existing Voter Status When Joining An Integrated Storage HA Node
|
|
0
|
3176
|
July 26, 2022
|
|
HCSEC-2022-12 - Vault’s Login MFA Configuration And Enforcement Not Reloaded After Restart
|
|
0
|
1019
|
May 16, 2022
|
|
HCSEC-2022-09 - Vault PKI Secrets Engine Policy Results In Incorrect Wildcard Certificate Issuance
|
|
0
|
2950
|
March 4, 2022
|
|
HCSEC-2022-08 - Vault Enterprise’s Tokenization Transform Configuration Endpoint May Expose Transform Key
|
|
0
|
2649
|
March 4, 2022
|
|
HCSEC-2021-30 - Vault's Templated ACL Policies Matched First-Created Alias Per Entity and Auth Backend
|
|
1
|
3506
|
January 6, 2022
|
|
HCSEC-2021-34 - Vault, Consul, Boundary, and Waypoint Affected By Denial of Service in Golang’s net/http (CVE-2021-44716)
|
|
0
|
1745
|
December 22, 2021
|
|
HCSEC-2021-33 - Vault’s KV Secrets Engine With Integrated Storage Exposed to Authenticated Denial of Service
|
|
0
|
2653
|
December 14, 2021
|
|
HCSEC-2021-28 - Vault's Google Cloud Secrets Engine Policies With Globs May Provide Additional Privileges in Vault 1.8.0 Onwards
|
|
0
|
2758
|
October 7, 2021
|
|
HCSEC-2021-27 - Vault Merging Multiple Entity Aliases for the Same Mount May Allow Privilege Escalation
|
|
0
|
3230
|
October 7, 2021
|
|
HCSEC-2020-20 - Vault Leases Created with Batch Tokens have Invalid Expiration
|
|
1
|
1296
|
September 2, 2021
|
|
HCSEC-2021-20 - Vault’s Integrated Storage Backend Database File May Have Excessively Broad Permissions
|
|
1
|
3897
|
September 2, 2021
|
|
HCSEC-2021-19 - Vault’s UI Cached User-Viewed Secrets Between Shared Browser Sessions
|
|
0
|
2998
|
August 12, 2021
|
|
HCSEC-2021-15 - Vault Renewed Nearly-Expired Leases With Incorrect Non-Expiring TTLs
|
|
1
|
3730
|
June 2, 2021
|
|
HCSEC-2021-13 - Vault GitHub Action Did Not Correctly Mask Multi-Line Secrets In Output
|
|
0
|
3022
|
May 6, 2021
|
|
HCSEC-2021-12 - Codecov Security Event and HashiCorp GPG Key Exposure
|
|
2
|
56097
|
May 4, 2021
|
|
HCSEC-2021-10 - Vault’s Cassandra Integrations Did Not Validate TLS Certificates
|
|
0
|
3504
|
April 21, 2021
|
|
HCSEC-2021-11 - Terraform’s Vault Provider Did Not Correctly Configure Bound Labels for GCP Auth
|
|
0
|
3341
|
April 21, 2021
|
|
HCSEC-2021-09 - Vault’s PKI Engine CRL May Exclude Revoked But Unexpired Certificates After Tidy
|
|
0
|
3576
|
April 21, 2021
|
|
HCSEC-2021-05 - Vault Enterprise’s DR Secondaries Exposed License Metadata Without Authentication
|
|
0
|
3042
|
February 26, 2021
|
|
HCSEC-2021-03 - Vault API Endpoint Allowed Enumeration of Secrets Engine Mount Paths Without Authentication
|
|
0
|
3740
|
January 29, 2021
|
|
HCSEC-2021-02 - Vault API Endpoint Exposed Internal IP Address Without Authentication
|
|
0
|
3392
|
January 29, 2021
|
|
HCSEC-2021-04 - Vault Enterprise’s DR Secondaries Allowed Raft Peer Removal Without Authentication
|
|
0
|
3217
|
January 29, 2021
|
|
HCSEC-2020-25 - Vault’s LDAP Auth Method Allows User Enumeration
|
|
0
|
3339
|
December 16, 2020
|
|
HCSEC-2020-24 - Vault Enterprise’s Sentinel EGP Policies May Impact Parent or Sibling Namespaces
|
|
0
|
2851
|
December 16, 2020
|
|
HCSEC-2020-18 - Vault SSH Helper Validated IP Addresses Incorrectly
|
|
0
|
1054
|
November 25, 2020
|
|
HCSEC-2020-17 - Vault’s GCP Auth Method Allows Authentication Bypass
|
|
0
|
1114
|
November 25, 2020
|