Topics tagged security-vault

Topic	Replies	Views	Activity
HCSEC-2022-24 - Vault's TLS Cert Auth Method Only Loaded CRL After First Request Security security-vault	0	879	October 12, 2022
HCSEC-2022-18 - Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity Security security-vault	0	1632	September 20, 2022
HCSEC-2022-15 - Vault Enterprise Does Not Verify Existing Voter Status When Joining An Integrated Storage HA Node Security security-vault	0	2328	July 26, 2022
HCSEC-2022-12 - Vault’s Login MFA Configuration And Enforcement Not Reloaded After Restart Security security-vault	0	582	May 16, 2022
HCSEC-2022-09 - Vault PKI Secrets Engine Policy Results In Incorrect Wildcard Certificate Issuance Security security-vault	0	2224	March 4, 2022
HCSEC-2022-08 - Vault Enterprise’s Tokenization Transform Configuration Endpoint May Expose Transform Key Security security-vault	0	1992	March 4, 2022
HCSEC-2021-30 - Vault's Templated ACL Policies Matched First-Created Alias Per Entity and Auth Backend Security security-vault	1	2861	January 6, 2022
HCSEC-2021-34 - Vault, Consul, Boundary, and Waypoint Affected By Denial of Service in Golang’s net/http (CVE-2021-44716) Security security-consul , security-vault , security-boundary , security-waypoint	0	1300	December 22, 2021
HCSEC-2021-33 - Vault’s KV Secrets Engine With Integrated Storage Exposed to Authenticated Denial of Service Security security-vault	0	2067	December 14, 2021
HCSEC-2021-28 - Vault's Google Cloud Secrets Engine Policies With Globs May Provide Additional Privileges in Vault 1.8.0 Onwards Security security-vault	0	2157	October 7, 2021
HCSEC-2021-27 - Vault Merging Multiple Entity Aliases for the Same Mount May Allow Privilege Escalation Security security-vault	0	2605	October 7, 2021
HCSEC-2020-20 - Vault Leases Created with Batch Tokens have Invalid Expiration Security security-vault	1	947	September 2, 2021
HCSEC-2021-20 - Vault’s Integrated Storage Backend Database File May Have Excessively Broad Permissions Security security-vault	1	3216	September 2, 2021
HCSEC-2021-19 - Vault’s UI Cached User-Viewed Secrets Between Shared Browser Sessions Security security-vault	0	2400	August 12, 2021
HCSEC-2021-15 - Vault Renewed Nearly-Expired Leases With Incorrect Non-Expiring TTLs Security security-vault	1	3124	June 2, 2021
HCSEC-2021-13 - Vault GitHub Action Did Not Correctly Mask Multi-Line Secrets In Output Security security-vault	0	2418	May 6, 2021
HCSEC-2021-12 - Codecov Security Event and HashiCorp GPG Key Exposure Security security-nomad , security-consul , security-vault , security-terraform	2	53689	May 4, 2021
HCSEC-2021-10 - Vault’s Cassandra Integrations Did Not Validate TLS Certificates Security security-vault	0	2910	April 21, 2021
HCSEC-2021-11 - Terraform’s Vault Provider Did Not Correctly Configure Bound Labels for GCP Auth Security security-vault , security-terraform	0	2741	April 21, 2021
HCSEC-2021-09 - Vault’s PKI Engine CRL May Exclude Revoked But Unexpired Certificates After Tidy Security security-vault	0	2939	April 21, 2021
HCSEC-2021-05 - Vault Enterprise’s DR Secondaries Exposed License Metadata Without Authentication Security security-vault	0	2500	February 26, 2021
HCSEC-2021-03 - Vault API Endpoint Allowed Enumeration of Secrets Engine Mount Paths Without Authentication Security security-vault	0	3167	January 29, 2021
HCSEC-2021-02 - Vault API Endpoint Exposed Internal IP Address Without Authentication Security security-vault	0	2831	January 29, 2021
HCSEC-2021-04 - Vault Enterprise’s DR Secondaries Allowed Raft Peer Removal Without Authentication Security security-vault	0	2648	January 29, 2021
HCSEC-2020-25 - Vault’s LDAP Auth Method Allows User Enumeration Security security-vault	0	2765	December 16, 2020
HCSEC-2020-24 - Vault Enterprise’s Sentinel EGP Policies May Impact Parent or Sibling Namespaces Security security-vault	0	2305	December 16, 2020
HCSEC-2020-18 - Vault SSH Helper Validated IP Addresses Incorrectly Security security-vault	0	710	November 25, 2020
HCSEC-2020-17 - Vault’s GCP Auth Method Allows Authentication Bypass Security security-vault	0	765	November 25, 2020
HCSEC-2020-16 - Vault’s AWS Auth Method Allows Authentication Bypass Security security-vault	0	820	November 25, 2020
HCSEC-2020-13 - Vault Proxy Environment Variable Was Logged to STDOUT Security security-vault	0	706	November 25, 2020