HCSEC-2021-19 - Vault’s UI Cached User-Viewed Secrets Between Shared Browser Sessions
|
|
0
|
6293
|
August 12, 2021
|
HCSEC-2021-15 - Vault Renewed Nearly-Expired Leases With Incorrect Non-Expiring TTLs
|
|
1
|
7005
|
June 2, 2021
|
HCSEC-2021-13 - Vault GitHub Action Did Not Correctly Mask Multi-Line Secrets In Output
|
|
0
|
6252
|
May 6, 2021
|
HCSEC-2021-12 - Codecov Security Event and HashiCorp GPG Key Exposure
|
|
2
|
63804
|
May 4, 2021
|
HCSEC-2021-10 - Vault’s Cassandra Integrations Did Not Validate TLS Certificates
|
|
0
|
6385
|
April 21, 2021
|
HCSEC-2021-11 - Terraform’s Vault Provider Did Not Correctly Configure Bound Labels for GCP Auth
|
|
0
|
6635
|
April 21, 2021
|
HCSEC-2021-09 - Vault’s PKI Engine CRL May Exclude Revoked But Unexpired Certificates After Tidy
|
|
0
|
7023
|
April 21, 2021
|
HCSEC-2021-05 - Vault Enterprise’s DR Secondaries Exposed License Metadata Without Authentication
|
|
0
|
6041
|
February 26, 2021
|
HCSEC-2021-03 - Vault API Endpoint Allowed Enumeration of Secrets Engine Mount Paths Without Authentication
|
|
0
|
6937
|
January 29, 2021
|
HCSEC-2021-02 - Vault API Endpoint Exposed Internal IP Address Without Authentication
|
|
0
|
6612
|
January 29, 2021
|
HCSEC-2021-04 - Vault Enterprise’s DR Secondaries Allowed Raft Peer Removal Without Authentication
|
|
0
|
6392
|
January 29, 2021
|
HCSEC-2020-25 - Vault’s LDAP Auth Method Allows User Enumeration
|
|
0
|
6586
|
December 16, 2020
|
HCSEC-2020-24 - Vault Enterprise’s Sentinel EGP Policies May Impact Parent or Sibling Namespaces
|
|
0
|
5974
|
December 16, 2020
|
HCSEC-2020-18 - Vault SSH Helper Validated IP Addresses Incorrectly
|
|
0
|
3238
|
November 25, 2020
|
HCSEC-2020-17 - Vault’s GCP Auth Method Allows Authentication Bypass
|
|
0
|
3304
|
November 25, 2020
|
HCSEC-2020-16 - Vault’s AWS Auth Method Allows Authentication Bypass
|
|
0
|
3455
|
November 25, 2020
|
HCSEC-2020-13 - Vault Proxy Environment Variable Was Logged to STDOUT
|
|
0
|
3247
|
November 25, 2020
|
HCSEC-2020-09 - Vault's GCP Secrets Engine Service Account Keys Not Enforcing Configured TTL
|
|
0
|
3222
|
November 25, 2020
|
HCSEC-2020-07 - Vault Enterprise Prefixed Mount Policies May Result In Unauthorized Namespace Access
|
|
0
|
3242
|
November 25, 2020
|
HCSEC-2020-06 - Vault Auth Groups Not Removed In Certain Circumstances
|
|
0
|
3203
|
November 25, 2020
|
HCSEC-2020-03 - Vault Enterprise’s Dynamic Secrets May Persist After Namespace Deletion
|
|
0
|
3333
|
November 25, 2020
|