5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.0005 Low
EPSS
Percentile
17.1%
A flaw was found in the HashiCorp Vault. The Vault and Vault Enterprise (“Vault”) LDAP auth method allows unauthenticated users to potentially enumerate valid accounts in the configured LDAP system by observing the response error when querying usernames.