72 matches found
CVE-2023-25000
CVE-2023-25000 : HashiCorp Vault’s Shamir secret sharing uses precomputed table lookups and is vulnerable to cache-timing attacks during seal/unseal. An attacker observing many unseal operations locally could reduce the search space for recovering Shamir shares. Affected: Vault’s Shamir implement...
CVE-2024-5798
CVE-2024-5798 concerns Vault and Vault Enterprise failing to properly validate the JWT aud/role-bound audience claims in the Vault JWT auth method, potentially allowing an invalid login when audience/claims don’t match. The issue is mitigated by upgrading to fixed releases: Vault 1.17.0, 1.16.3, ...
CVE-2023-5954
CVE-2023-5954 affects HashiCorp Vault and Vault Enterprise. Inbound client requests that trigger a policy check can cause unbounded memory growth, leading to denial of service. Fixes are available in Vault 1.15.2, 1.14.6, and 1.13.10.
CVE-2023-4680
CVE-2023-4680 affects HashiCorp Vault/Vault Enterprise transit secrets engine. The vulnerability allows an authorized user to specify arbitrary nonces, even when convergent encryption is disabled. The encrypt endpoint, with an offline attack, could decrypt arbitrary ciphertext and potentially der...
CVE-2022-41316
CVE-2022-41316 affects HashiCorp Vault and Vault Enterprise: the TLS certificate auth method did not load the optional CRL into memory on startup, potentially skipping revocation checks until retrieval. A fix is available in Vault/Vault Enterprise releases 1.12.0, 1.11.4, 1.10.7, and 1.9.10.
CVE-2023-3462
HashiCorp Vault and Vault Enterprise are vulnerable to user enumeration through the LDAP auth method. An attacker can distinguish existing vs non-existent LDAP users by response discrepancies. Impact is information disclosure with no exploit details provided. Fixed in Vault 1.14.1 and 1.13.5; rem...
CVE-2023-24999
HashiCorp Vault and Vault Enterprise are affected by CVE-2023-24999 in the approle authentication path. The issue allows an authenticated user who can access an approle destroy endpoint to destroy the secret ID of another role by supplying that role’s secret ID accessor, due to insufficient autho...
CVE-2025-4166
CVE-2025-4166 affects Vault Community and Vault Enterprise KV v2 plugin. When handling malformed payloads during secret create/update via the Vault REST API, servers/audit logs may leak sensitive information due to error message content. The issue is fixed in Vault Community 1.19.3 and Vault Ente...
CVE-2024-2048
CVE-2024-2048 affects Vault and Vault Enterprise where TLS certificate auth did not properly validate client certificates when configured with a non-CA trusted certificate, potentially allowing certificate-based authentication bypass. The issue is fixed in Vault 1.15.5 and 1.14.10.
CVE-2023-0620
HashiCorp Vault/Vault Enterprise versions 0.8.0–1.13.1 are vulnerable to SQL injection when configuring the Microsoft SQL (MSSQL) Database Storage Backend. In the MSSQL plugin configuration, certain parameters are not sanitized before being passed to the backend, allowing a local attacker to modi...
CVE-2023-5077
CVE-2023-5077 affects HashiCorp Vault and Vault Enterprise Google Cloud secrets engine. The root cause was that existing Google Cloud IAM Conditions were not preserved when creating or updating rolesets. This could impact IAM policy integrity for affected deployments. The issue is fixed in Vault ...
CVE-2020-16250
HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. The issue is fixed in Vault releases 1.2.5, 1.3.8, 1.4.4, and 1.5.1. Public disclosures in connected sources describe an AWS IAM auth bypass via...
CVE-2021-32923
Summary: CVE-2021-32923 affects HashiCorp Vault and Vault Enterprise. The issue arises from the renewal logic for nearly-expired token leases and dynamic secret leases within one second of their maximum TTL, which allowed these leases to be incorrectly treated as non-expiring during subsequent us...
CVE-2021-38554
Summary: HashiCorp Vault and Vault Enterprise’s UI could cache and expose user-viewed secrets across sessions in a single shared browser. Affected: Vault/Vault Enterprise UI components (as described in CVE-2021-38554). Root cause (as stated): UI caching behavior allowed cross-session exposure of ...
CVE-2023-0665
HashiCorp Vault’s PKI mount issuer endpoints were vulnerable to insufficient access control, allowing a remote attacker to cause a denial of service by removing an issuer or altering issuer metadata. The defect specifically affects the PKI issuer management surface but does not impact private key...
CVE-2023-2121
The CVE-2023-2121 issue affects HashiCorp Vault and Vault Enterprise, stemming from the key-value v2 (kv-v2) diff viewer and improper input handling that allowed HTML injection in the Vault web UI. The vulnerability could enable cross-site scripting through user-supplied values rendered by the di...
CVE-2020-35177
CVE-2020-35177 affects HashiCorp Vault and Vault Enterprise; versions 1.4.1 and later allowed user enumeration through the LDAP authentication method. The issue is mitigated by upgrading to 1.5.6 or 1.6.1, which fix the vulnerability. The available connected documents confirm the vulnerability is...
CVE-2024-8365
Vault Community Edition and Vault Enterprise regressed by removing the HMAC protection for sensitive headers in the audit device, causing plaintext client tokens and token accessors to be written to audit logs. The issue is documented as CVE-2024-8365 and has been fixed in Vault Community Edition...
CVE-2024-6468
CVE-2024-6468 affects HashiCorp Vault and Vault Enterprise. When the TCP listener option proxy_protocol_behavior is set to deny_unauthorized, requests from source IPs not listed in proxy_protocol_authorized_addrs could cause the Vault API server to shut down and stop responding, potentially resul...
CVE-2024-8185
CVE-2024-8185 affects Vault Community/Enterprise when using Integrated Storage with Raft; memory exhaustion via the cluster-join API can lead to DoS or Vault process crash. Likely impact is loss of service due to memory pressure. Fixes are available: Vault Community 1.18.1 and Vault Enterprise 1....
CVE-2021-41802
CVE-2021-41802 affects HashiCorp Vault and Vault Enterprise up to versions 1.7.4 and 1.8.3. A user with write permission to an entity alias ID sharing a mount accessor with another user could obtain the other user’s policies by merging identities, enabling privilege escalation. The issue is fixed...
CVE-2024-2660
CVE-2024-2660 : HashiCorp Vault and Vault Enterprise TLS cert authentication method did not correctly validate OCSP responses when multiple OCSP sources were configured, per the CVE entry. The issue affects Vault and Vault Enterprise 1.14.0 and newer and is fixed in Vault 1.16.0 and Vault Enterpr...
CVE-2020-10660
The CVE-2020-10660 issue affects HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3, where an Entity’s Group membership could inadvertently include Groups the Entity no longer has permissions to. The root cause is a mismanagement of group associations, enabling a bypass of access c...
CVE-2025-4656
CVE-2025-4656 affects Vault Community Edition and Vault Enterprise: rekey and recovery key operations can cause a denial of service due to uncontrolled cancellation by a Vault operator. The issue is mitigated in Vault Community Edition 1.20.0 and Vault Enterprise updates 1.20.0, 1.19.6, 1.18.11, ...
CVE-2024-7594
CVE-2024-7594 affects Vault’s SSH secrets engine. By default, if the fields valid_principals and default_user are not configured, an SSH certificate requested by an authorized user could authenticate as any user on the host. This is mitigated by upgrading to Vault Community Edition 1.17.6 or Vaul...
CVE-2026-5052
Vault’s PKI engine ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges, creating potential SSRF and information disclosure against internal targets. The issue affects Vault Community Edition up to 2.0.0 and Vault Enterprise up to 2.0.0, as well as 1.21.5, ...
CVE-2023-2197
CVE-2023-2197 affects HashiCorp Vault Enterprise 1.13.0 to 1.13.1, where using an HSM with CBC-based encryption (CKM_AES_CBC_PAD or CKM_AES_CBC) enables a padding oracle condition. An attacker with storage-modification privileges and Vault restart capability could intercept or modify ciphertext t...
CVE-2020-16251
CVE-2020-16251 affects HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer when configured with the GCP GCE auth method. The issue allows authentication bypass due to a flaw in the GCP authentication flow. Fixed in Vault/Vault Enterprise releases 1.2.5, 1.3.8, 1.4.4, and 1.5.1. The avai...
CVE-2022-25244
The vulnerability CVE-2022-25244 affects HashiCorp Vault Enterprise clusters using the tokenization transform feature. The tokenization key can be exposed via the tokenization key configuration endpoint to authorized operators with read permissions, enabling disclosure of sensitive material. Affe...
CVE-2023-3775
The CVE concerns Vault Enterprise: a Sentinel RGP policy created by an operator to restrict access in one namespace could be applied to requests in a different, non-descendant namespace, enabling a denial-of-service condition. Impact is described as availability impact (DoS). Remediation: upgrade...
CVE-2022-25243
CVE-2022-25243 affects HashiCorp Vault and Vault Enterprise: PKI secrets engine could issue wildcard certificates to authorized users under certain configurations, even when allow_subdomains is false. Impacted are Vault and Vault Enterprise versions 1.8.0–1.8.8 and 1.9.3. Root cause: PKI configur...
CVE-2021-43998
HashiCorp Vault and Vault Enterprise were affected by a logic flaw in templated ACL policies: if an entity had multiple aliases for a given entity+mount, the policy could incorrectly apply and match the first-created alias. Affected versions are 0.11.0 through 1.7.5 and 1.8.4. The issue is fixed ...
CVE-2022-40186
CVE-2022-40186 affects HashiCorp Vault and Vault Enterprise prior to 1.11.3. A flaw in the Identity Engine’s handling of mount accessors with shared alias names can cause metadata to be overwritten for the wrong alias, potentially allowing an authenticated local attacker to access unintended KV p...
CVE-2024-9180
HashiCorp Vault vulnerability CVE-2024-9180: a privileged Vault operator with write access to the root namespace identity endpoint could escalate to Vault’s root policy. Affected product: Vault (community and enterprise) with root-privilege escalation via identity endpoint. Remediation: upgrade t...
CVE-2025-3879
CVE-2025-3879 affects Vault (Vault Community and Vault Enterprise) where the Azure Auth method did not correctly validate claims in the Azure-issued token, allowing potential bypass of the bound_locations restriction on login. The issue is described across multiple sources and is evidenced by OSV...
CVE-2025-6015
CVE-2025-6015 — HashiCorp Vault MFA rate-limiting bypass with TOTP reuse . The vulnerability affects Vault and Vault Enterprise, where login MFA rate limits could be bypassed and TOTP codes reused due to a normalization issue in the TOTP handling. Fixed in Vault Community Edition 1.20.1 and Vault...
CVE-2021-3282
CVE-2021-3282 affects HashiCorp Vault Enterprise 1.6.0 and 1.6.1, where the remove-peer raft operator command could be executed against disaster-recovery (DR) secondary nodes without authentication. The underlying issue allowed an unauthenticated action on DR secondaries, potentially enabling una...
CVE-2021-27668
HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed reading license metadata from DR secondaries without authentication. The issue is fixed in 1.6.3. This CVE (CVE-2021-27668) affects the Vault Enterprise license metadata exposure via DR secondary replicas; no authentication was required to ac...
CVE-2022-30689
CVE-2022-30689 affects HashiCorp Vault and Vault Enterprise versions 1.10.0–1.10.2, where the Login MFA feature was not correctly configured or enforced after server restarts. The root cause is improper MFA configuration at login following a restart, impacting the Login MFA flow introduced in 1.1...
CVE-2021-38553
CVE-2021-38553 affects HashiCorp Vault and Vault Enterprise 1.4.0–1.7.3, where the Integrated Storage backend initialized an underlying database file with excessively broad filesystem permissions. The issue is fixed in Vault and Vault Enterprise 1.8.0.
CVE-2020-13223
CVE-2020-13223 affects HashiCorp Vault and Vault Enterprise. The issue arises from logging proxy environment variables that could reveal sensitive credentials. This is documented across multiple sources (e.g., NVD, osv, CNVD) with fixed versions identified as 1.3.6 and 1.4.2. Impact is informatio...
CVE-2021-3024
CVE-2021-3024 affects HashiCorp Vault and Vault Enterprise, where internal Vault node IP addresses were disclosed in response to certain invalid, unauthenticated HTTP requests. The issue is fixed in Vault versions 1.6.2 and 1.5.7. Other connected records reiterate the same behavior and fix; no fu...
CVE-2020-25594
CVE-2020-25594 affects HashiCorp Vault and Vault Enterprise. The issue allowed unauthenticated HTTP requests to enumerate Secrets Engine mount paths. This was fixed in Vault 1.6.2 and Vault Enterprise 1.5.7. The connected sources confirm the vulnerability description and the remediation versions;...
CVE-2021-27400
HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) were affected by not validating TLS certificates when connecting to Cassandra clusters. Root cause reported as missing TLS hostname/certificate validation in the Cassandra integration ...
CVE-2022-36129
HashiCorp Vault Enterprise clusters using Integrated Storage (versions 1.7.0–1.9.7, 1.10.4, 1.11.0) expose an unauthenticated API endpoint that can be abused to override the voter status of a node in a Vault HA cluster, potentially enabling data loss or catastrophic failure. The issue is caused b...
CVE-2021-45042
Summary: CVE-2021-45042 affects HashiCorp Vault/Vault Enterprise with the Integrated Storage backend. An authenticated user with write access to a KV secrets engine can trigger a panic in the storage backend, causing a denial of service. Affected versions include 1.4.0 through before 1.7.7 (1.7.7...
CVE-2020-25816
CVE-2020-25816 affects HashiCorp Vault and Vault Enterprise (1.0 and later). Root cause: batch token leases were not scheduled to expire, letting leases outlive their TTL. Consequence: batch token leases could persist beyond intended TTL, undermining expiration controls. Fixed in Vault 1.4.7 and ...
CVE-2020-7220
The CVE-2020-7220 issue affects HashiCorp Vault Enterprise 0.11.0–1.3.1, where dynamic secrets for a mount in a deleted namespace may not be revoked. Root cause: failure to revoke secrets under certain namespace deletion scenarios. Impact: potential exposure of previously issued dynamic secrets. ...
CVE-2025-6000
CVE-2025-6000 affects HashiCorp Vault where a privileged Vault operator in the root namespace with write access to {{sys/audit}} can trigger code execution on the host via a misconfigured plugin directory. Connected advisories corroborate the root-namespace operator scenario and the plugin-direct...
CVE-2023-6337
CVE-2023-6337 affects HashiCorp Vault and Vault Enterprise 1.12.0 and newer. The issue causes a denial of service via memory exhaustion on the host when handling large unauthenticated or authenticated HTTP requests, as Vault attempts to map large requests into memory, potentially exhausting memor...