Lucene search
K

Vault Enterprise’s DR Secondaries Exposed License Metadata Without Authentication

🗓️ 26 Feb 2021 00:50:56Reported by HashiCorp Security TeamType 
hashicorp
 hashicorp
🔗 discuss.hashicorp.com👁 5 Views

Vault Enterprise DR secondaries exposed license metadata via /sys/license without authentication; read-only; fix in 1.6.3; upgrade.

Related
Detection
ReporterTitlePublishedViews
Family
FreeBSD
vault -- unauthenticated license read
26 Feb 202100:00
freebsd
AlpineLinux
CVE-2021-27668
31 Aug 202117:01
alpinelinux
Circl
CVE-2021-27668
31 Aug 202122:33
circl
CNNVD
HashiCorp Vault 访问控制错误漏洞
31 Aug 202100:00
cnnvd
CVE
CVE-2021-27668
31 Aug 202117:01
cve
Cvelist
CVE-2021-27668
31 Aug 202117:01
cvelist
EUVD
EUVD-2021-14414
7 Oct 202500:30
euvd
Tenable Nessus
FreeBSD : vault -- unauthenticated license read (52bd2d59-4ab5-4bef-a599-7aac4e92238b)
1 Mar 202100:00
nessus
Tenable Nessus
GLSA-202207-01 : HashiCorp Vault: Multiple Vulnerabilities
2 Aug 202200:00
nessus
Gentoo Linux
HashiCorp Vault: Multiple Vulnerabilities
29 Jul 202200:00
gentoo
Rows per page
Vulners
Node
hashicorpvaultRange0.9.2enterprise
OR
hashicorpvaultRange<1.6.3enterprise

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

26 Feb 2021 00:50Current
6Medium risk
Vulners AI Score6
CVSS 25
CVSS 3.15.3
EPSS0.01043
5