Lucene search

12 matches found

NVD
added 2026/06/23 9:16 p.m., 7 views

CVE-2026-12112

A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating...

CVSS 7.8, EPSS 0.00153
Exploits 0, References 4
RedhatCVE
added 2026/03/26 3:10 p.m., 8 views

CVE-2026-32694

In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the...

CVSS 6.6, AI score 5.8, EPSS 0.00269
Exploits 1, References 1
Snyk
added 2026/03/19 12:42 p.m., 4 views

Incorrect Ownership Assignment

Overview: Affected versions of this package are vulnerable to Incorrect Ownership Assignment in the secrets management process. An attacker can gain unauthorized access to sensitive information by exploiting a race condition between the generation of a secret ID and the creation of the secret's...

CVSS 6, AI score 5.9, EPSS 0.00233
Exploits 0, References 2
Cvelist
added 2026/03/18 12:55 p.m., 26 views

CVE-2026-32694 Insecure Direct Object Reference attack via predictable secret ID in Juju

In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the...

CVSS 6.6, EPSS 0.00269
Exploits 1, References 1
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-2168

Malicious code in bioql PyPI...

CVSS 8.1, AI score 6.8, EPSS 0.00597
Exploits 0, References 4
Vulnrichment
added 2023/07/19 11:35 p.m., 18 views

CVE-2023-3299 Nomad Caller ACL Token's Secret ID is Exposed to Sentinel

HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11...

CVSS 3.4, AI score 6.7, EPSS 0.00493
Exploits 0, References 1
Cvelist
added 2023/07/19 11:35 p.m., 25 views

CVE-2023-3299 Nomad Caller ACL Token's Secret ID is Exposed to Sentinel

HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11...

CVSS 3.4, AI score 4.2, EPSS 0.00493
Exploits 0, References 1
Veracode
added 2023/03/16 5:23 a.m., 21 views

Denial Of Service (DoS)

github.com/hashicorp/vault is vulnerable to Denial of Service (DoS) attacks. A malicious authenticated user is able to destroy the secret ID of any other role by providing the secret ID accessor via the /auth/approle/role/:rolename/secret-id-accessor/destroy endpoint, resulting in Denial of Service...

CVSS 8.1, AI score 7.7, EPSS 0.00597
Exploits 0, References 10, Affected Software 1
RedhatCVE
added 2023/03/13 5:14 p.m., 31 views

CVE-2023-24999

A flaw was found in HashiCorp Vault. When using the Vault and Vault Enterprise approle auth method, any authenticated user with access to the /auth/approle/role/:rolename/secret-id-accessor/destroy endpoint can destroy the secret ID of another role by providing the secret ID accessor...

CVSS 8.1, AI score 7.6, EPSS 0.00597
Exploits 0, References 4
OSV
added 2023/03/11 12:15 a.m., 24 views

CVE-2023-24999

HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above...

CVSS 8.1, AI score 8.1
Exploits 0, References 2
Prion
added 2023/03/11 12:15 a.m., 17 views

Denial of service

HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above...

CVSS 5.5, AI score 7.7, EPSS 0.00597
Exploits 0, References 2, Affected Software 1
CVE
added 2023/03/10 11:12 p.m., 503 views

CVE-2023-24999

HashiCorp Vault and Vault Enterprise are affected by CVE-2023-24999 in the approle authentication path. The issue allows an authenticated user who can access an approle destroy endpoint to destroy the secret ID of another role by supplying that role’s secret ID accessor, due to insufficient autho...

CVSS 8.1, AI score 5.7, EPSS 0.00597
Exploits 0, References 2, Affected Software 1