Topics tagged security-vault

Topic	Views	Activity
HCSEC-2024-26 - Vault Vulnerable to Denial of Service Through Memory Exhaustion When Processing Raft Cluster Join Requests Security security-vault	1204	October 31, 2024
HCSEC-2024-21 - Vault Operators in Root Namespace May Elevate Their Privileges Security security-vault	2658	October 10, 2024
HCSEC-2024-20 - Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default Security security-vault	2040	September 26, 2024
HCSEC-2024-18 - Vault Leaks Client Token and Token Accessor in Audit Devices Security security-vault	2611	August 31, 2024
HCSEC-2024-14 - Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior Security security-vault	1912	July 11, 2024
HCSEC-2024-11 - Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims Security security-vault	3464	June 12, 2024
HCSEC-2024-10 - Vault Enterprise Leaks Sensitive HTTP Request Headers in Audit Log When Deployed With a Performance Standby Node Security security-vault	3894	April 30, 2024
HCSEC-2024-07 - Vault TLS Cert Auth Method Did Not Correctly Validate OCSP Responses Security security-vault	5087	April 4, 2024
HCSEC-2024-05 - Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates Security security-vault	9482	March 4, 2024
HCSEC-2024-01 - Vault May Expose Sensitive Information When Configuring An Audit Log Device Security security-vault	6374	February 1, 2024
HCSEC-2023-34 - Vault Vulnerable to Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests Security security-vault	9345	December 8, 2023
HCSEC-2023-33 - Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption Security security-vault	7845	November 9, 2023
HCSEC-2023-32 - Vault, Consul, and Boundary Affected By HTTP/2 “Rapid Reset” Denial of Service Vulnerability (CVE-2023-44487) Security security-consul , security-vault , security-boundary	13203	November 2, 2023
HCSEC-2023-30 - Vault’s Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets Security security-vault	7820	September 28, 2023
HCSEC-2023-29 - Vault Enterprise’s Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service Security security-vault	7907	September 28, 2023
HCSEC-2023-28 - Vault’s Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption Security security-vault	8370	September 14, 2023
HCSEC-2023-24 - Vault's LDAP Auth Method Allows for User Enumeration Security security-vault	8275	July 31, 2023
HCSEC-2023-23 - Vault Enterprise Namespace Creation May Lead to Denial of Service Security security-vault	7940	July 28, 2023
HCSEC-2023-17 - Vault’s KV Diff Viewer Allowed HTML Injection Security security-vault	6766	June 9, 2023
HCSEC-2023-14 - Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-Based Encryption Mechanism with a HSM Security security-vault	6062	May 1, 2023
HCSEC-2023-12 - Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File Security security-vault	7371	March 30, 2023
HCSEC-2023-11 - Vault’s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata Security security-vault	6271	March 30, 2023
HCSEC-2023-10 - Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations Security security-vault	7746	March 30, 2023
HCSEC-2023-07 - Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation Security security-vault	6688	March 10, 2023
HCSEC-2023-02 - Vault, Consul, Boundary, and Waypoint Affected By Denial of Service in Go’s net/http (CVE-2022-41717) Security security-consul , security-vault , security-boundary , security-waypoint	5309	February 8, 2023
HCSEC-2022-24 - Vault's TLS Cert Auth Method Only Loaded CRL After First Request Security security-vault	6843	October 12, 2022
HCSEC-2022-18 - Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity Security security-vault	7745	September 20, 2022
HCSEC-2022-15 - Vault Enterprise Does Not Verify Existing Voter Status When Joining An Integrated Storage HA Node Security security-vault	8270	July 26, 2022
HCSEC-2022-12 - Vault’s Login MFA Configuration And Enforcement Not Reloaded After Restart Security security-vault	4237	May 16, 2022
HCSEC-2022-09 - Vault PKI Secrets Engine Policy Results In Incorrect Wildcard Certificate Issuance Security security-vault	7917	March 4, 2022