Lucene search
Alpine Linux Development TeamALPINE:CVE-2023-3462HistoryJul 31, 2023 - 11:15 p.m.
CVE-2023-3462
2023-07-3123:15:00
Alpine Linux Development Team
security.alpinelinux.org
5
hashicorp
vault
ldap
user enumeration
vulnerability
fix
1.14.1
1.13.5
unix
0.0005 Low
EPSS
Percentile
17.1%
HashiCorp’s Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | edge-community | noarch | vault | < 1.14.0-r0 | UNKNOWN |
Related
cgr
cgr
CVE-2023-3462 vulnerabilities
2024-05-19 03:07:16
osv
osv
CVE-2023-3462
2023-07-31 23:15:10
HashiCorp Vault and Vault Enterprise vulnerable to user enumeration
2023-08-01 00:30:17
BIT-vault-2023-3462
2024-03-06 11:08:58
wolfi
wolfi
CVE-2023-3462 vulnerabilities
2024-06-26 09:08:30
cve
cve
CVE-2023-3462
2023-07-31 23:15:10
nvd
nvd
CVE-2023-3462
2023-07-31 23:15:10
github
github
HashiCorp Vault and Vault Enterprise vulnerable to user enumeration
2023-08-01 00:30:17
redhatcve
redhatcve
CVE-2023-3462
2023-08-01 15:26:43
prion
prion
Denial of service
2023-07-31 23:15:00
cvelist
cvelist
CVE-2023-3462 Vault's LDAP Auth Method Allows for User Enumeration
2023-07-31 22:40:23
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps
2023-09-28 07:49:45
redhat
redhat