Topics tagged security-vault

Topic	Replies	Views	Activity
HCSEC-2023-30 - Vault’s Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets Security security-vault	0	7890	September 28, 2023
HCSEC-2023-29 - Vault Enterprise’s Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service Security security-vault	0	7978	September 28, 2023
HCSEC-2023-28 - Vault’s Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption Security security-vault	0	8472	September 14, 2023
HCSEC-2023-24 - Vault's LDAP Auth Method Allows for User Enumeration Security security-vault	0	8383	July 31, 2023
HCSEC-2023-23 - Vault Enterprise Namespace Creation May Lead to Denial of Service Security security-vault	0	8021	July 28, 2023
HCSEC-2023-17 - Vault’s KV Diff Viewer Allowed HTML Injection Security security-vault	0	6871	June 9, 2023
HCSEC-2023-14 - Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-Based Encryption Mechanism with a HSM Security security-vault	0	6106	May 1, 2023
HCSEC-2023-12 - Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File Security security-vault	0	7449	March 30, 2023
HCSEC-2023-11 - Vault’s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata Security security-vault	0	6374	March 30, 2023
HCSEC-2023-10 - Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations Security security-vault	0	7822	March 30, 2023
HCSEC-2023-07 - Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation Security security-vault	0	6766	March 10, 2023
HCSEC-2023-02 - Vault, Consul, Boundary, and Waypoint Affected By Denial of Service in Go’s net/http (CVE-2022-41717) Security security-consul , security-vault , security-boundary , security-waypoint	0	5352	February 8, 2023
HCSEC-2022-24 - Vault's TLS Cert Auth Method Only Loaded CRL After First Request Security security-vault	0	7025	October 12, 2022
HCSEC-2022-18 - Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity Security security-vault	0	7914	September 20, 2022
HCSEC-2022-15 - Vault Enterprise Does Not Verify Existing Voter Status When Joining An Integrated Storage HA Node Security security-vault	0	8358	July 26, 2022
HCSEC-2022-12 - Vault’s Login MFA Configuration And Enforcement Not Reloaded After Restart Security security-vault	0	4256	May 16, 2022
HCSEC-2022-09 - Vault PKI Secrets Engine Policy Results In Incorrect Wildcard Certificate Issuance Security security-vault	0	7993	March 4, 2022
HCSEC-2022-08 - Vault Enterprise’s Tokenization Transform Configuration Endpoint May Expose Transform Key Security security-vault	0	7244	March 4, 2022
HCSEC-2021-30 - Vault's Templated ACL Policies Matched First-Created Alias Per Entity and Auth Backend Security security-vault	1	8224	January 6, 2022
HCSEC-2021-34 - Vault, Consul, Boundary, and Waypoint Affected By Denial of Service in Golang’s net/http (CVE-2021-44716) Security security-consul , security-vault , security-boundary , security-waypoint	0	5140	December 22, 2021
HCSEC-2021-33 - Vault’s KV Secrets Engine With Integrated Storage Exposed to Authenticated Denial of Service Security security-vault	0	7108	December 14, 2021
HCSEC-2021-28 - Vault's Google Cloud Secrets Engine Policies With Globs May Provide Additional Privileges in Vault 1.8.0 Onwards Security security-vault	0	7349	October 7, 2021
HCSEC-2021-27 - Vault Merging Multiple Entity Aliases for the Same Mount May Allow Privilege Escalation Security security-vault	0	8363	October 7, 2021
HCSEC-2020-20 - Vault Leases Created with Batch Tokens have Invalid Expiration Security security-vault	1	4541	September 2, 2021
HCSEC-2021-20 - Vault’s Integrated Storage Backend Database File May Have Excessively Broad Permissions Security security-vault	1	9060	September 2, 2021
HCSEC-2021-19 - Vault’s UI Cached User-Viewed Secrets Between Shared Browser Sessions Security security-vault	0	7814	August 12, 2021
HCSEC-2021-15 - Vault Renewed Nearly-Expired Leases With Incorrect Non-Expiring TTLs Security security-vault	1	8455	June 2, 2021
HCSEC-2021-13 - Vault GitHub Action Did Not Correctly Mask Multi-Line Secrets In Output Security security-vault	0	7654	May 6, 2021
HCSEC-2021-12 - Codecov Security Event and HashiCorp GPG Key Exposure Security security-nomad , security-consul , security-vault , security-terraform	2	67019	May 4, 2021
HCSEC-2021-10 - Vault’s Cassandra Integrations Did Not Validate TLS Certificates Security security-vault	0	7584	April 21, 2021