Lucene search
+L

8 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-24033

Malicious code in bioql PyPI...

6.5CVSS6.2AI score0.00502EPSS
Exploits0References5
cvelist
cvelist
added 2025/08/09 2:1 a.m.9 views

CVE-2025-55001 OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. Whe...

6.5CVSS0.00221EPSS
Exploits0References3
osv
osv
added 2025/08/09 2:1 a.m.8 views

CVE-2025-55001 OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. Whe...

6.5CVSS6.5AI score0.00221EPSS
Exploits0References5
redos
redos
added 2025/04/02 12:0 a.m.9 views

ROS-20250402-08

The vulnerability in HashiCorp's Vault and Vault Enterprise enterprise information archiving platforms is related to the fact that the application allows the use of entity aliases mapped to a single resource with the same alias name. Exploitation of the vulnerability could allow an attacker actin...

9.1CVSS7AI score0.00781EPSS
Exploits0
hashicorp
hashicorp
added 2022/09/20 9:16 p.m.6 views

Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity

Summary When entity aliases mapped to a single entity share the same alias name, but have different mount accessors, Vault can leak metadata between the aliases. This metadata leak may result in unexpected access if templated policies are using alias metadata for path names. This vulnerability,...

9.1CVSS7AI score0.00781EPSS
Exploits0Affected Software1
osv
osv
added 2021/12/02 5:48 p.m.25 views

GHSA-PFMW-VJ74-PH8G HashiCorp Vault Incorrect Permission Assignment for Critical Resource

HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault...

9.1CVSS6.5AI score0.01008EPSS
Exploits0References4
hashicorp
hashicorp
added 2021/11/18 5:54 p.m.8 views

Vault's Templated ACL Policies Matched First-Created Alias Per Entity and Auth Backend

Summary Vault and Vault Enterprise “Vault” templated ACL policies would always match the first-created entity alias if multiple entity aliases existed for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. This vulnerability, CVE-2021-43998, was fixed...

6.5CVSS6.7AI score0.01008EPSS
Exploits0Affected Software1
hashicorp
hashicorp
added 2021/10/07 8:50 p.m.7 views

Vault Merging Multiple Entity Aliases for the Same Mount May Allow Privilege Escalation

Summary A Vault or Vault Enterprise “Vault” user with write permission to an entity alias ID sharing a mount accessor with another user may acquire this other user’s policies by merging their identities. This vulnerability, CVE-2021-41802, was fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4...

5.5CVSS6.2AI score0.00589EPSS
Exploits0Affected Software2
Rows per page
Query Builder