13 matches found
Brute Force
Overview Affected versions of this package are vulnerable to Brute Force via the AssumeRoleWithLDAPIdentity endpoint, which exposes distinguishable error messages and lacks rate limiting. An attacker can enumerate valid LDAP usernames and perform unlimited password guessing to obtain temporary...
Brute Force
Overview github.com/minio/minio/cmd is an open source object storage server compatible with Amazon S3 APIs. Affected versions of this package are vulnerable to Brute Force via the AssumeRoleWithLDAPIdentity endpoint, which exposes distinguishable error messages and lacks rate limiting. An attacke...
EUVD-2024-3134
Malicious code in bioql PyPI...
Privilege Escalation
github.com/hashicorp/vault is vulnerable to privilege escalation. The vulnerability is due to a privileged operator with write permissions to the root namespace’s identity endpoint being able to escalate their own or another user’s token privileges, which allows an attacker to gain Vault’s root...
SUSE CVE-2025-5999
A privileged Vault operator with write permissions to the root namespace's identity endpoint could escalate their own or another user's token privileges to Vault's root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22...
GHSA-6H4P-M86H-HHGH Hashicorp Vault has Privilege Escalation Vulnerability
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22...
CVE-2025-5999
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22...
PT-2025-31660
Name of the Vulnerable Software and Affected Versions Vault Community Edition versions prior to 1.20.0 Vault Enterprise versions prior to 1.20.0 Vault Enterprise version 1.19.6 Vault Enterprise version 1.18.11 Vault Enterprise version 1.16.22 Description A privileged Vault operator with write...
Vault Community Edition privilege escalation vulnerability
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16...
GHSA-RR8J-7W34-XP5J Vault Community Edition privilege escalation vulnerability
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16...
CVE-2024-9180 Vault Operators in Root Namespace May Elevate Their Privileges
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16...
CVE-2024-9180 Vault Operators in Root Namespace May Elevate Their Privileges
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16...
HashiCorp Vault Community Edition和Vault Enterprise 安全漏洞
HashiCorp Vault Enterprise and HashiCorp Vault Community Edition are both products of HashiCorp, Inc. of the U.S.A. HashiCorp Vault Enterprise is an enterprise information archiving platform.HashiCorp Vault HashiCorp Vault Enterprise is an enterprise information archiving platform, and HashiCorp...