10 matches found
GO-2024-3246 HashiCorp Vault vulnerable to denial of service through memory exhaustion in github.com/hashicorp/vault
GO-2022-0623 Invalid session token expiration in github.com/hashicorp/vault
GO-2024-2982 HashiCorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions in github.com/hashicorp/vault
HashiCorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions in github.com/hashicorp/vault. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...
GO-2024-2488 HashiCorp Vault Authentication bypass in github.com/hashicorp/vault
Improper Privilege Management
github.com/hashicorp/vault is vulnerable to Improper Privilege Management. The vulnerability is due to the RenewToken function within expiration.go, which only refreshes group memberships when GroupAliases is not nil, along with a non-empty EntityID and an initialized identityStore. This logic could mi...
Timing Attack
github.com/hashicorp/vault is vulnerable to Timing Attacks. The vulnerability exists in the mult and div functions of shamir.go because they are not implemented in constant time, which allows an attacker to observe a large number of unseal operations on the host...
GHSA-25XJ-89G5-FM6H Information Disclosure in HashiCorp Vault
HashiCorp Vault and Vault Enterprise before 1.3.6, and 1.4.2 before 1.4.2, insert sensitive information into a log file. The vulnerability affects the github.com/hashicorp/vault/command Go package...
Information Disclosure
github.com/hashicorp/vault is vulnerable to information disclosure. The server discloses internal IP addresses when responding to certain invalid and unauthenticated HTTP requests...
Information Disclosure
github.com/hashicorp/vault is vulnerable to information disclosure. The vulnerability exists because the in-memory cache on performance standby nodes is not purged if a mount filter was used to exclude the secondary cluster. This allows an attacker to retrieve mount configuration data whic...
Timing Attack
github.com/hashicorp/vault is vulnerable to timing attacks. The vulnerability arises because passwords are not compared in constant time, allowing malicious users to guess valid passwords based on the time that a comparison takes...