Lucene search
K

11 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.16 views

EUVD-2021-1251

Malware in sbrugna...

7.4CVSS7.3AI score0.01376EPSS
Exploits0References7
OSV
OSV
added 2024/03/06 11:10 a.m.15 views

BIT-VAULT-2021-32923

HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases specifically, those within 1 second of their maximum TTL, which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2...

7.4CVSS7.3AI score0.01376EPSS
Exploits0References4
NVD
NVD
added 2021/06/03 11:15 a.m.20 views

CVE-2021-32923

HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases specifically, those within 1 second of their maximum TTL, which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2...

7.4CVSS0.01376EPSS
Exploits0References3
Prion
Prion
added 2021/06/03 11:15 a.m.13 views

Denial of service

HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases specifically, those within 1 second of their maximum TTL, which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2...

5.8CVSS7.4AI score0.01376EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/06/03 10:38 a.m.376 views

CVE-2021-32923

Summary: CVE-2021-32923 affects HashiCorp Vault and Vault Enterprise. The issue arises from the renewal logic for nearly-expired token leases and dynamic secret leases within one second of their maximum TTL, which allowed these leases to be incorrectly treated as non-expiring during subsequent us...

7.4CVSS7.3AI score0.01376EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/06/03 10:38 a.m.43 views

CVE-2021-32923

HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases specifically, those within 1 second of their maximum TTL, which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2...

7.7AI score0.01376EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2021/06/03 10:38 a.m.36 views

CVE-2021-32923

HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases specifically, those within 1 second of their maximum TTL, which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2...

7.4CVSS7.5AI score0.01376EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2021/06/03 12:0 a.m.3 views

PT-2021-19974 · Hashicorp · Hashicorp Vault +1

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions prior to 1.5.9 HashiCorp Vault and Vault Enterprise versions prior to 1.6.5 HashiCorp Vault and Vault Enterprise versions prior to 1.7.2 Description: The issue allowed the renewal of nearly-expire...

7.4CVSS6.8AI score0.01376EPSS
Exploits0References11
CNNVD
CNNVD
added 2021/06/03 12:0 a.m.13 views

HashiCorp Vault 和 Vault Enterprise 代码问题漏洞

Hashicorp HashiCorp Vault is a private key access management tool from HashiCorp Hashicorp USA. A security vulnerability exists in HashiCorp Vault and Vault Enterprise that allows updates to expiring token leases and dynamic secret leases specifically those within 1 second of the maximum TTL, whi...

7.4CVSS7.2AI score0.01376EPSS
Exploits0References4
Veracode
Veracode
added 2021/05/26 6:44 a.m.27 views

Insecure Session Management

vault uses insecure session management. Vault and Vault Enterprise renewed nearly-expiring token leases and dynamic secret leases with a zero-second TTL, causing them to be treated as non-expiring, and never revoked...

7.4CVSS1.9AI score0.01376EPSS
Exploits0References5Affected Software2
Veracode
Veracode
added 2020/02/04 6:14 a.m.19 views

Insecure Session Management

github.com/hashicorp/vault does not properly handle and manage sessions. The vulnerability exists in Vault Enterprise, where the revocation of a token scoped to a non-root namespace does not properly trigger the revocation of the dynamic secret leases associated with the token...

1.9AI score
Exploits0
Rows per page
Query Builder