) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:hashicorp:vault:1.0.0:*:*:*:enterprise:*:*:*
- CPE Name Search: true
There are 24 matching records.
Displaying matches 21 through 24.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2020-13223 |
HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2. Published: June 10, 2020; 3:15:09 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2020-10661 |
HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4. Published: March 23, 2020; 9:15:13 AM -0400 |
V4.0:(not available) V3.1: 9.1 CRITICAL V2.0: 5.8 MEDIUM |
| CVE-2020-10660 |
HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4. Published: March 23, 2020; 9:15:13 AM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2020-7220 |
HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2. Published: January 23, 2020; 1:15:14 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 4.3 MEDIUM |