18 matches found
GHSA-686C-7VGV-V3FX Coder: Unauthenticated SSRF via Azure Instance Identity Endpoint
Summary Unauthenticated semi-blind Server-Side Request Forgery SSRF via the Azure instance identity endpoint POST /api/v2/workspaceagents/azure-instance-identity. An external attacker can force the Coder server to issue HTTP GET requests to arbitrary internal or external hosts by submitting a...
PT-2026-42031
Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.33.3 Coder versions prior to 2.32.2 Coder versions prior to 2.31.12 Coder versions prior to 2.30.8 Coder versions prior to 2.29.13 Coder versions prior to 2.24.5 Description An unauthenticated semi-blind Server-Side...
Brute Force
Overview Affected versions of this package are vulnerable to Brute Force via the AssumeRoleWithLDAPIdentity endpoint, which exposes distinguishable error messages and lacks rate limiting. An attacker can enumerate valid LDAP usernames and perform unlimited password guessing to obtain temporary...
Brute Force
Overview github.com/minio/minio/cmd is an open source object storage server compatible with Amazon S3 APIs. Affected versions of this package are vulnerable to Brute Force via the AssumeRoleWithLDAPIdentity endpoint, which exposes distinguishable error messages and lacks rate limiting. An attacke...
EUVD-2024-3134
Malicious code in bioql PyPI...
Privilege Escalation
github.com/hashicorp/vault is vulnerable to privilege escalation. The vulnerability is due to a privileged operator with write permissions to the root namespace’s identity endpoint being able to escalate their own or another user’s token privileges, which allows an attacker to gain Vault’s root...
SUSE CVE-2025-5999
A privileged Vault operator with write permissions to the root namespace's identity endpoint could escalate their own or another user's token privileges to Vault's root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22...
Incorrect Privilege Assignment
Overview github.com/hashicorp/vault/vault is a tool for securely accessing secrets. Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the identity endpoint in the root namespace. An attacker can gain unauthorized access to elevated privileges by modifying toke...
GHSA-6H4P-M86H-HHGH Hashicorp Vault has Privilege Escalation Vulnerability
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22...
CVE-2025-5999
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22...
PT-2025-31660
Name of the Vulnerable Software and Affected Versions Vault Community Edition versions prior to 1.20.0 Vault Enterprise versions prior to 1.20.0 Vault Enterprise version 1.19.6 Vault Enterprise version 1.18.11 Vault Enterprise version 1.16.22 Description A privileged Vault operator with write...
SUSE CVE-2024-9180
A privileged Vault operator with write permissions to the root namespace's identity endpoint could escalate their own or another user's privileges to Vault's root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16...
GHSA-RR8J-7W34-XP5J Vault Community Edition privilege escalation vulnerability
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16...
Vault Community Edition privilege escalation vulnerability
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16...
CVE-2024-9180 Vault Operators in Root Namespace May Elevate Their Privileges
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16...
CVE-2024-9180 Vault Operators in Root Namespace May Elevate Their Privileges
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16...
HashiCorp Vault Community Edition和Vault Enterprise 安全漏洞
HashiCorp Vault Enterprise and HashiCorp Vault Community Edition are both products of HashiCorp, Inc. of the U.S.A. HashiCorp Vault Enterprise is an enterprise information archiving platform.HashiCorp Vault HashiCorp Vault Enterprise is an enterprise information archiving platform, and HashiCorp...
PT-2024-7690 · Hashicorp +3 · Hashicorp Vault +4
Name of the Vulnerable Software and Affected Versions: HashiCorp Vault versions prior to 1.18.0 HashiCorp Vault Enterprise versions prior to 1.18.0, 1.17.7, 1.16.11, and 1.15.16 Description: A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalat...