|
HCSEC-2024-05 - Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates
|
|
0
|
10155
|
March 4, 2024
|
|
HCSEC-2024-01 - Vault May Expose Sensitive Information When Configuring An Audit Log Device
|
|
0
|
6602
|
February 1, 2024
|
|
HCSEC-2023-34 - Vault Vulnerable to Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests
|
|
0
|
9586
|
December 8, 2023
|
|
HCSEC-2023-33 - Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption
|
|
0
|
7991
|
November 9, 2023
|
|
HCSEC-2023-32 - Vault, Consul, and Boundary Affected By HTTP/2 “Rapid Reset” Denial of Service Vulnerability (CVE-2023-44487)
|
|
0
|
13989
|
November 2, 2023
|
|
HCSEC-2023-30 - Vault’s Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets
|
|
0
|
7921
|
September 28, 2023
|
|
HCSEC-2023-29 - Vault Enterprise’s Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service
|
|
0
|
8004
|
September 28, 2023
|
|
HCSEC-2023-28 - Vault’s Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption
|
|
0
|
8500
|
September 14, 2023
|
|
HCSEC-2023-24 - Vault's LDAP Auth Method Allows for User Enumeration
|
|
0
|
8422
|
July 31, 2023
|
|
HCSEC-2023-23 - Vault Enterprise Namespace Creation May Lead to Denial of Service
|
|
0
|
8051
|
July 28, 2023
|
|
HCSEC-2023-17 - Vault’s KV Diff Viewer Allowed HTML Injection
|
|
0
|
6937
|
June 9, 2023
|
|
HCSEC-2023-14 - Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-Based Encryption Mechanism with a HSM
|
|
0
|
6129
|
May 1, 2023
|
|
HCSEC-2023-12 - Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File
|
|
0
|
7477
|
March 30, 2023
|
|
HCSEC-2023-11 - Vault’s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata
|
|
0
|
6398
|
March 30, 2023
|
|
HCSEC-2023-10 - Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations
|
|
0
|
7865
|
March 30, 2023
|
|
HCSEC-2023-07 - Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation
|
|
0
|
6805
|
March 10, 2023
|
|
HCSEC-2023-02 - Vault, Consul, Boundary, and Waypoint Affected By Denial of Service in Go’s net/http (CVE-2022-41717)
|
|
0
|
5371
|
February 8, 2023
|
|
HCSEC-2022-24 - Vault's TLS Cert Auth Method Only Loaded CRL After First Request
|
|
0
|
7062
|
October 12, 2022
|
|
HCSEC-2022-18 - Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity
|
|
0
|
7948
|
September 20, 2022
|
|
HCSEC-2022-15 - Vault Enterprise Does Not Verify Existing Voter Status When Joining An Integrated Storage HA Node
|
|
0
|
8379
|
July 26, 2022
|
|
HCSEC-2022-12 - Vault’s Login MFA Configuration And Enforcement Not Reloaded After Restart
|
|
0
|
4269
|
May 16, 2022
|
|
HCSEC-2022-09 - Vault PKI Secrets Engine Policy Results In Incorrect Wildcard Certificate Issuance
|
|
0
|
8024
|
March 4, 2022
|
|
HCSEC-2022-08 - Vault Enterprise’s Tokenization Transform Configuration Endpoint May Expose Transform Key
|
|
0
|
7262
|
March 4, 2022
|
|
HCSEC-2021-30 - Vault's Templated ACL Policies Matched First-Created Alias Per Entity and Auth Backend
|
|
1
|
8252
|
January 6, 2022
|
|
HCSEC-2021-34 - Vault, Consul, Boundary, and Waypoint Affected By Denial of Service in Golang’s net/http (CVE-2021-44716)
|
|
0
|
5154
|
December 22, 2021
|
|
HCSEC-2021-33 - Vault’s KV Secrets Engine With Integrated Storage Exposed to Authenticated Denial of Service
|
|
0
|
7125
|
December 14, 2021
|
|
HCSEC-2021-28 - Vault's Google Cloud Secrets Engine Policies With Globs May Provide Additional Privileges in Vault 1.8.0 Onwards
|
|
0
|
7382
|
October 7, 2021
|
|
HCSEC-2021-27 - Vault Merging Multiple Entity Aliases for the Same Mount May Allow Privilege Escalation
|
|
0
|
8405
|
October 7, 2021
|
|
HCSEC-2020-20 - Vault Leases Created with Batch Tokens have Invalid Expiration
|
|
1
|
4561
|
September 2, 2021
|
|
HCSEC-2021-20 - Vault’s Integrated Storage Backend Database File May Have Excessively Broad Permissions
|
|
1
|
9093
|
September 2, 2021
|