13 matches found

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-2168

Malicious code in bioql PyPI...

8.1 CVSS · 6.8 AI score · 0.00597 EPSS
Exploits 0 · References 4
Vulnrichment
added 2024/09/02 1:30 a.m. · 11 views

CVE-2024-8365 Vault Leaks AppRole Client Tokens And Accessor in Audit Log

Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being...

6.2 CVSS · 6.6 AI score · 0.00474 EPSS
Exploits 0 · References 1
OSV
added 2024/08/20 8:31 p.m. · 16 views

GO-2023-1900 Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault...

8.1 CVSS · 5.7 AI score · 0.00597 EPSS
Exploits 0 · References 3
OSV
added 2024/03/06 11:9 a.m. · 17 views

BIT-VAULT-2023-24999 Vault Fails to Verify if the AppRole SecretID Belongs to Role During a Destroy Operation

HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above...

8.1 CVSS · 5.6 AI score · 0.00597 EPSS
Exploits 0 · References 3
OSV
added 2023/07/06 7:24 p.m. · 129 views

GHSA-WMG5-G953-QQFW Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation

When using the Vault and Vault Enterprise Vault approle auth method, any authenticated user with access to the /auth/approle/role/:rolename/secret-id-accessor/destroy endpoint can destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability, CVE-2023-24999, has...

8.1 CVSS · 5.8 AI score · 0.00597 EPSS
Exploits 0 · References 3
Github Security Blog
added 2023/07/06 7:24 p.m. · 138 views

Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation

When using the Vault and Vault Enterprise Vault approle auth method, any authenticated user with access to the /auth/approle/role/:rolename/secret-id-accessor/destroy endpoint can destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability, CVE-2023-24999, has...

8.1 CVSS · 6.8 AI score · 0.00597 EPSS
Exploits 0 · References 3 · Affected Software 1
NVD
added 2023/03/11 12:15 a.m. · 16 views

CVE-2023-24999

HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above...

8.1 CVSS · 5.8 AI score · 0.00597 EPSS
Exploits 0 · References 2
OSV
added 2023/03/11 12:15 a.m. · 24 views

CVE-2023-24999

HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above...

8.1 CVSS · 8.1 AI score
Exploits 0 · References 2
Prion
added 2023/03/11 12:15 a.m. · 17 views

Denial of service

HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above...

5.5 CVSS · 7.7 AI score · 0.00597 EPSS
Exploits 0 · References 2 · Affected Software 1
AlpineLinux
added 2023/03/11 12:15 a.m. · 44 views

CVE-2023-24999

HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above...

8.1 CVSS · 1.8 AI score · 0.00597 EPSS
Exploits 0
CVE
added 2023/03/10 11:12 p.m. · 502 views

CVE-2023-24999

HashiCorp Vault and Vault Enterprise are affected by CVE-2023-24999 in the approle authentication path. The issue allows an authenticated user who can access an approle destroy endpoint to destroy the secret ID of another role by supplying that role’s secret ID accessor, due to insufficient autho...

8.1 CVSS · 5.7 AI score · 0.00597 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/03/10 11:12 p.m. · 28 views

CVE-2023-24999 Vault Fails to Verify if the AppRole SecretID Belongs to Role During a Destroy Operation

HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above...

4.4 CVSS · 8 AI score · 0.00597 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/03/10 12:0 a.m. · 2 views

PT-2023-19853 · Hashicorp +1 · Hashicorp Vault +2

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions prior to 1.10.11 HashiCorp Vault and Vault Enterprise versions prior to 1.11.8 HashiCorp Vault and Vault Enterprise versions prior to 1.12.4 HashiCorp Vault and Vault Enterprise versions prior to...

8.5 CVSS · 6.5 AI score · 0.00597 EPSS
Exploits 0 · References 16