34 matches found
SUSE CVE-2024-8185
Vault Community and Vault Enterprise “Vault” clusters using Vault's Integrated Storage backend are vulnerable to a denial-of-service DoS attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the endpoint which may cause Vaul...
EUVD-2021-1503
Malware in sbrugna...
EUVD-2021-31839
Malicious code in bioql PyPI...
ROS-20241112-08
A vulnerability in the Raft Consensus Algorithm of the Raft data distribution algorithm of the Integrated storage Raft storage of HashiCorp Vault and Vault Enterprise platforms for archiving corporate information is associated with unlimited resource consumption as a result of nodes incorrectly...
CVE-2024-8185
Vault Community and Vault Enterprise “Vault” clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service DoS attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the endpoint which may cause Vaul...
CVE-2024-8185 Vault Vulnerable to Denial of Service When Processing Raft Join Requests
Vault Community and Vault Enterprise “Vault” clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service DoS attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the endpoint which may cause Vaul...
Vault Vulnerable to Denial of Service Through Memory Exhaustion When Processing Raft Cluster Join Requests
Summary Vault Community and Vault Enterprise “Vault” clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service DoS attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the endpoint which may...
BIT-VAULT-2021-38553
HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0...
BIT-VAULT-2021-45042
In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user with write permissions to a kv secrets engine to cause a panic and denial of service of the storage backend. The earliest...
CVE-2022-36129
HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure...
CVE-2022-36129
HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure...
Denial of service
HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure...
CVE-2022-36129
HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure...
CVE-2022-36129
HashiCorp Vault Enterprise clusters using Integrated Storage (versions 1.7.0–1.9.7, 1.10.4, 1.11.0) expose an unauthenticated API endpoint that can be abused to override the voter status of a node in a Vault HA cluster, potentially enabling data loss or catastrophic failure. The issue is caused b...
Vault Enterprise Does Not Verify Existing Voter Status When Joining An Integrated Storage HA Node
Summary Vault Enterprise “Vault” clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. This vulnerability, CVE-2022-36129,...
CVE-2021-45042
In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user with write permissions to a kv secrets engine to cause a panic and denial of service of the storage backend. The earliest...
CVE-2021-45042
In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user with write permissions to a kv secrets engine to cause a panic and denial of service of the storage backend. The earliest...
CVE-2021-45042
In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user with write permissions to a kv secrets engine to cause a panic and denial of service of the storage backend. The earliest...
Denial of service
In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user with write permissions to a kv secrets engine to cause a panic and denial of service of the storage backend. The earliest...
CVE-2021-45042
In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user with write permissions to a kv secrets engine to cause a panic and denial of service of the storage backend. The earliest...