18 matches found

OSV
added 2026/05/19 7:53 p.m. · 4 views

GHSA-686C-7VGV-V3FX Coder: Unauthenticated SSRF via Azure Instance Identity Endpoint

Summary: Unauthenticated semi-blind Server-Side Request Forgery (SSRF) via the Azure instance identity endpoint POST /api/v2/workspaceagents/azure-instance-identity. An external attacker can force the Coder server to issue HTTP GET requests to arbitrary internal or external hosts by submitting a...

6.5 CVSS · 6.1 AI score · 0.00071 EPSS
Exploits 0 · References 10
Positive Technologies
added 2026/05/19 12:0 a.m. · 12 views

PT-2026-42031

Name of the Vulnerable Software and Affected Versions: Coder versions prior to 2.33.3; Coder versions prior to 2.32.2; Coder versions prior to 2.31.12; Coder versions prior to 2.30.8; Coder versions prior to 2.29.13; Coder versions prior to 2.24.5. Description: An unauthenticated semi-blind Server-Side...

6.5 CVSS · 6 AI score · 0.00071 EPSS
Exploits 0 · References 12
Snyk
added 2026/03/20 8:47 p.m. · 3 views

Brute Force

Overview: Affected versions of this package are vulnerable to Brute Force via the AssumeRoleWithLDAPIdentity endpoint, which exposes distinguishable error messages and lacks rate limiting. An attacker can enumerate valid LDAP usernames and perform unlimited password guessing to obtain temporary...

9.1 CVSS · 5.8 AI score · 0.00394 EPSS
Exploits 0 · References 3
Snyk
added 2026/03/20 8:47 p.m. · 2 views

Brute Force

Overview: github.com/minio/minio/cmd is an open source object storage server compatible with Amazon S3 APIs. Affected versions of this package are vulnerable to Brute Force via the AssumeRoleWithLDAPIdentity endpoint, which exposes distinguishable error messages and lacks rate limiting. An attacke...

9.1 CVSS · 5.8 AI score · 0.00394 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2024-3134

Malicious code in bioql PyPI...

7.2 CVSS · 7.5 AI score · 0.00528 EPSS
Exploits 0 · References 4
Veracode
added 2025/08/20 9:23 a.m. · 5 views

Privilege Escalation

github.com/hashicorp/vault is vulnerable to privilege escalation. The vulnerability is due to a privileged operator with write permissions to the root namespace’s identity endpoint being able to escalate their own or another user’s token privileges, which allows an attacker to gain Vault’s root...

7.2 CVSS · 7.5 AI score · 0.00459 EPSS
Exploits 0 · References 3 · Affected Software 1
SUSE CVE
added 2025/08/12 11:36 p.m. · 2 views

SUSE CVE-2025-5999

A privileged Vault operator with write permissions to the root namespace's identity endpoint could escalate their own or another user's token privileges to Vault's root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22...

7.2 CVSS · 7.1 AI score · 0.00459 EPSS
Exploits 0 · References 3
Snyk
added 2025/08/01 6:31 p.m. · 5 views

Incorrect Privilege Assignment

Overview: github.com/hashicorp/vault/vault is a tool for securely accessing secrets. Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the identity endpoint in the root namespace. An attacker can gain unauthorized access to elevated privileges by modifying toke...

8.6 CVSS · 6 AI score · 0.00459 EPSS
Exploits 0 · References 2
OSV
added 2025/08/01 6:31 p.m. · 5 views

GHSA-6H4P-M86H-HHGH Hashicorp Vault has Privilege Escalation Vulnerability

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22...

7.2 CVSS · 6.4 AI score · 0.00459 EPSS
Exploits 0 · References 3
OSV
added 2025/08/01 6:15 p.m. · 5 views

CVE-2025-5999

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22...

7.2 CVSS · 7.3 AI score
Exploits 0 · References 1
Positive Technologies
added 2025/08/01 12:0 a.m. · 5 views

PT-2025-31660

Name of the Vulnerable Software and Affected Versions: Vault Community Edition versions prior to 1.20.0; Vault Enterprise versions prior to 1.20.0; Vault Enterprise version 1.19.6; Vault Enterprise version 1.18.11; Vault Enterprise version 1.16.22. Description: A privileged Vault operator with write...

9.1 CVSS · 7 AI score · 0.00873 EPSS
Exploits 0 · References 39
SUSE CVE
added 2024/11/02 4:2 a.m. · 5 views

SUSE CVE-2024-9180

A privileged Vault operator with write permissions to the root namespace's identity endpoint could escalate their own or another user's privileges to Vault's root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16...

7.2 CVSS · 7.6 AI score · 0.00528 EPSS
Exploits 0 · References 5
OSV
added 2024/10/10 9:30 p.m. · 18 views

GHSA-RR8J-7W34-XP5J Vault Community Edition privilege escalation vulnerability

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16...

8.6 CVSS · 7 AI score · 0.00528 EPSS
Exploits 0 · References 5
Github Security Blog
added 2024/10/10 9:30 p.m. · 21 views

Vault Community Edition privilege escalation vulnerability

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16...

7.2 CVSS · 7 AI score · 0.00528 EPSS
Exploits 0 · References 5 · Affected Software 2
Vulnrichment
added 2024/10/10 8:54 p.m. · 17 views

CVE-2024-9180 Vault Operators in Root Namespace May Elevate Their Privileges

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16...

7.2 CVSS · 7 AI score · 0.00528 EPSS
Exploits 0 · References 1
Cvelist
added 2024/10/10 8:54 p.m. · 36 views

CVE-2024-9180 Vault Operators in Root Namespace May Elevate Their Privileges

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16...

7.2 CVSS · 0.00528 EPSS
Exploits 0 · References 1
CNNVD
added 2024/10/10 12:0 a.m. · 3 views

HashiCorp Vault Community Edition and Vault Enterprise Security Vulnerability

HashiCorp Vault Enterprise and HashiCorp Vault Community Edition are both products of HashiCorp, Inc. of the U.S.A. HashiCorp Vault Enterprise is an enterprise information archiving platform. HashiCorp Vault HashiCorp Vault Enterprise is an enterprise information archiving platform, and HashiCorp...

7.2 CVSS · 7.3 AI score · 0.00528 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/10/10 12:0 a.m. · 8 views

PT-2024-7690 · Hashicorp +3 · Hashicorp Vault +4

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault versions prior to 1.18.0 HashiCorp Vault Enterprise versions prior to 1.18.0, 1.17.7, 1.16.11, and 1.15.16 Description: A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalat...

9.9 CVSS · 6.5 AI score · 0.97781 EPSS
Exploits 21 · References 158