CVE-2020-10660
https://notcve.org/view.php?id=CVE-2020-10660
HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4. • https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020 https://www.hashicorp.com/blog/category/vault • CWE-276: Incorrect Default Permissions
CVE-2020-7220
https://notcve.org/view.php?id=CVE-2020-7220
HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2. • https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020 https://www.hashicorp.com/blog/category/vault • CWE-404: Improper Resource Shutdown or Release
CVE-2015-5711
https://notcve.org/view.php?id=CVE-2015-5711
TIBCO Managed File Transfer Internet Server before 7.2.5, Managed File Transfer Command Center before 7.2.5, Slingshot before 1.9.4, and Vault before 2.0.1 allow remote authenticated users to obtain sensitive information via a crafted HTTP request. • http://www.securitytracker.com/id/1033678 http://www.tibco.com/assets/blt423f06fbac6ee0c6/2015-003-advisory.txt http://www.tibco.com/mk/advisory.jsp • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor