) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:hashicorp:vault:1.13.7:*:*:*:enterprise:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-6337 |
HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash. Fixed in Vault 1.15.4, 1.14.8, 1.13.12. Published: December 08, 2023; 5:15:07 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2023-5954 |
HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10. Published: November 09, 2023; 4:15:25 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2023-3775 |
A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8. Published: September 28, 2023; 8:15:12 PM -0400 |
V4.0:(not available) V3.1: 4.9 MEDIUM V2.0:(not available) |