CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-25000 – Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations
https://notcve.org/view.php?id=CVE-2023-25000
30 Mar 2023 — HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9. A flaw was found in the Hashicorp vault. This flaw allows an attacker with access to and the ability to observe a large numbe... • https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078 • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy •
CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-24999 – Vault Fails to Verify if the AppRole SecretID Belongs to Role During a Destroy Operation
https://notcve.org/view.php?id=CVE-2023-24999
10 Mar 2023 — HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above. A flaw was found in the Hashicorp vault. When using the Vault and Vault Enterprise approle auth method, any authenticated user with access to the /auth/approle/role/:role_name/secret-id-accessor/destroy endpoint can des... • https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305 • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-41316 – vault: insufficient certificate revocation list checking
https://notcve.org/view.php?id=CVE-2022-41316
12 Oct 2022 — HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10. El método de autenticación de certificados TLS de HashiCorp Vault y Vault Enterprise no cargaba inicialmente la CRL configurada opcionalmente y emitida por la CA del rol en la memoria al iniciarse, resultando ... • https://discuss.hashicorp.com • CWE-295: Improper Certificate Validation •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-45042 – Gentoo Linux Security Advisory 202207-01
https://notcve.org/view.php?id=CVE-2021-45042
17 Dec 2021 — In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0. En HashiCorp Vault y Vault Enterprise versiones anteriores a 1.7.7, 1.8.x anteriores a 1.8.6 y 1.9.x anteriores a 1.9.1, los clusters que usaban el backend de almacenamiento integrado per... • https://discuss.hashicorp.com/t/hcsec2-21-33-vault-s-kv-secrets-engine-with-integrated-storage-exposed-to-authenticated-denial-of-service/33157 •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-43998 – vault: incorrect policy enforcement
https://notcve.org/view.php?id=CVE-2021-43998
30 Nov 2021 — HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0. Las políticas ACL templadas de HashiCorp Vault y Vault Enterprise 0.11.0 versiones hasta 1.7.5 y 1.8.4 siempre coincidían con el primer alias de entidad creado si presentaban var... • https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-41802 – Gentoo Linux Security Advisory 202207-01
https://notcve.org/view.php?id=CVE-2021-41802
08 Oct 2021 — HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4. HashiCorp Vault y Vault Enterprise versiones hasta 1.7.4 y 1.8.3, permitían que un usuario con permiso de escritura en un ID de alias de entidad que compartía un accesorio de montaje con otro usuario adquiriera las políticas de e... • https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27668 – Gentoo Linux Security Advisory 202207-01
https://notcve.org/view.php?id=CVE-2021-27668
31 Aug 2021 — HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3. HashiCorp Vault Enterprise versiones 0.9.2 hasta 1.6.2, permitía la lectura de metadatos de licencia de DR secundarios sin autenticación. Corregido en versión 1.6.3 Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service. Versions less than 1.10.3 are affected. • https://discuss.hashicorp.com/t/hcsec-2021-05-vault-enterprise-s-dr-secondaries-exposed-license-metadata-without-authentication/21427 • CWE-306: Missing Authentication for Critical Function •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-38553 – Gentoo Linux Security Advisory 202207-01
https://notcve.org/view.php?id=CVE-2021-38553
13 Aug 2021 — HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0. HashiCorp Vault y Vault Enterprise versiones 1.4.0 hasta 1.7.3, inicializaban un archivo de base de datos subyacente asociado con la funcionalidad Integrated Storage con permisos de sistema de archivos excesivamente amplios. Corregido en Vault y Vault Enterprise versión 1.8.0. ... • https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168 • CWE-281: Improper Preservation of Permissions •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-38554 – Gentoo Linux Security Advisory 202207-01
https://notcve.org/view.php?id=CVE-2021-38554
13 Aug 2021 — HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases. La interfaz de usuario de HashiCorp Vault y Vault Enterprise almacenaba erróneamente en caché y exponía los secretos visualizados por el usuario entre sesiones en un mismo navegador compartido. Corregido en versión 1.8.0 y en versiones pendientes 1.7.4 / 1.6.6. Multiple vulnerabilities have been discovered in HashiCorp Va... • https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 7.4EPSS: 3%CPEs: 6EXPL: 0CVE-2021-32923 – Gentoo Linux Security Advisory 202207-01
https://notcve.org/view.php?id=CVE-2021-32923
03 Jun 2021 — HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2. HashiCorp Vault y Vault Enterprise permitían la renovación de los contratos de alquiler de tokens casi caducados y de los contratos de alquiler de secretos dinámicos (concretamente, los que estaban a menos de 1 segundo de... • https://discuss.hashicorp.com/t/hcsec-2021-15-vault-renewed-nearly-expired-leases-with-incorrect-non-expiring-ttls/24603 • CWE-613: Insufficient Session Expiration •